[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, lenny, updated. debian/2.0.dfsg1-4+lenny1-3-gdce164a

Russ Allbery rra at debian.org
Fri Dec 4 02:04:32 UTC 2009


The following commit has been merged in the lenny branch:
commit dce164a814894faa10231b05c5ef40326aea3a0e
Author: Russ Allbery <rra at debian.org>
Date:   Thu Dec 3 16:31:56 2009 -0800

    Include a description of the security issue in the changelog

diff --git a/debian/changelog b/debian/changelog
index 350614b..c6a8516 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 shibboleth-sp2 (2.0.dfsg1-4+lenny2) stable-security; urgency=high
 
-  * SECURITY: Backport fix for CVE-2009-3300
+  * SECURITY: Partial fix for improper handling of URLs that could be
+    abused for script injection and other cross-site scripting attacks.
+    The complete fix also requires a newer opensaml2 package.
+    (Closes: #555608, CVE-2009-3300)
 
  -- Ferenc Wagner <wferi at niif.hu>  Tue, 24 Nov 2009 16:02:12 +0100
 
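Review bot: the added sentence "The complete fix also requires a newer opensaml2 package." does not say which opensaml2 version carries the rest of the fix, so an administrator reading this entry cannot tell whether a host that has installed 2.0.dfsg1-4+lenny2 is still exposed to CVE-2009-3300. Name the minimum opensaml2 version (or the upload that contains it) in the entry. If the package does not enforce that version through a versioned dependency, say so here as well, since "urgency=high" together with "Partial fix" otherwise leaves the remaining exposure implicit.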

-- 
Debian packaging for the 2.0 Apache Shibboleth SP


