Security update for shibboleth-sp in etch
jmm at inutil.org
Sun Dec 6 18:51:06 UTC 2009
On Thu, Dec 03, 2009 at 04:16:33PM -0800, Russ Allbery wrote:
> Moritz Muehlenhoff <jmm at inutil.org> writes:
> > On Tue, Dec 01, 2009 at 06:12:16PM -0800, Russ Allbery wrote:
> >> I'm very sorry about how long it's taken me to prepare these patches.
> >> This should address CVE 2009-3300 in the shibboleth-sp (not
> >> shibboleth-sp2) packages in Debian lenny. I will also work on a
> >> backport of these patches to the version that released with Debian
> >> etch.
> >> Note that the upstream source contains Windows line endings in some
> >> places, which my mailer doesn't want to send without encoding, so this
> >> patch may require the ignore whitespace flag to apply as-is.
> >> Please let me know if these are good for upload to the stable-security
> >> queue.
> > Looks fine, please upload. I'll take care of the update.
> The stable-security update has been uploaded. Here is the corresponding
> fix for oldstable. Let me know if I have approval to upload this to the
> security queue as well.
More information about the Pkg-shibboleth-devel