[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, lenny, updated. debian/2.0.dfsg1-4+lenny1-3-gdce164a
Russ Allbery
rra at debian.org
Fri Dec 4 02:04:32 UTC 2009
The following commit has been merged in the lenny branch:
commit dce164a814894faa10231b05c5ef40326aea3a0e
Author: Russ Allbery <rra at debian.org>
Date: Thu Dec 3 16:31:56 2009 -0800
Include a description of the security issue in the changelog
diff --git a/debian/changelog b/debian/changelog
index 350614b..c6a8516 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
shibboleth-sp2 (2.0.dfsg1-4+lenny2) stable-security; urgency=high
- * SECURITY: Backport fix for CVE-2009-3300
+ * SECURITY: Partial fix for improper handling of URLs that could be
+ abused for script injection and other cross-site scripting attacks.
+ The complete fix also requires a newer opensaml2 package.
+ (Closes: #555608, CVE-2009-3300)
-- Ferenc Wagner <wferi at niif.hu> Tue, 24 Nov 2009 16:02:12 +0100
--
Debian packaging for the 2.0 Apache Shibboleth SP
More information about the Pkg-shibboleth-devel
mailing list