[SCM] Debian packaging for OpenSAML 2.0 branch, lenny, updated. debian/2.0-2+lenny1-4-gb6f6e7a

Russ Allbery rra at debian.org
Fri Dec 4 02:04:20 UTC 2009


The following commit has been merged in the lenny branch:
commit b6f6e7aa09adb058f58351ca9c38238aefd8a17f
Author: Russ Allbery <rra at debian.org>
Date:   Thu Dec 3 16:26:04 2009 -0800

    Include a description of the security issue in the changelog

diff --git a/debian/changelog b/debian/changelog
index 0093168..be26efc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 opensaml2 (2.0-2+lenny2) stable-security; urgency=high
 
-  * SECURITY: Backport fix for CVE-2009-3300
+  * SECURITY: Partial fix for improper handling of URLs that could be
+    abused for script injection and other cross-site scripting attacks.
+    The complete fix also requires a newer shibboleth-sp2 package.
+    (CVE-2009-3300)
 
  -- Ferenc Wagner <wferi at niif.hu>  Mon, 23 Nov 2009 20:41:32 +0100
 

-- 
Debian packaging for OpenSAML 2.0



More information about the Pkg-shibboleth-devel mailing list