[SCM] Debian packaging for the 2.0 Apache Shibboleth SP annotated tag, debian/2.0.dfsg1-4+lenny2, created. debian/2.0.dfsg1-4+lenny2

Russ Allbery rra at debian.org
Sun Dec 6 21:25:03 UTC 2009


The annotated tag, debian/2.0.dfsg1-4+lenny2 has been created
        at  59bf9fa0332ccfa250576acafc701e9ab3eab5a9 (tag)
   tagging  dce164a814894faa10231b05c5ef40326aea3a0e (commit)
  replaces  debian/2.0.dfsg1-4+lenny1
 tagged by  Russ Allbery
        on  Sun Dec 6 13:23:34 2009 -0800

- Shortlog ------------------------------------------------------------
Debian release 2.0.dfsg1-4+lenny2

Format: 1.8
Date: Tue, 24 Nov 2009 16:02:12 +0100
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp1 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas
Architecture: source i386 all
Version: 2.0.dfsg1-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Ferenc Wagner <wferi at niif.hu>
Description:
 libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp1 - Federated web single sign-on system (runtime)
 shibboleth-sp2-schemas - Federated web single sign-on system (schemas)
Closes: 555608
Changes:
 shibboleth-sp2 (2.0.dfsg1-4+lenny2) stable-security; urgency=high
 .
   * SECURITY: Partial fix for improper handling of URLs that could be
     abused for script injection and other cross-site scripting attacks.
     The complete fix also requires a newer opensaml2 package.
     (Closes: #555608, CVE-2009-3300)
Checksums-Sha1:
 c77f4ca965aaf84f9caa041be19dee90a1793017 1672 shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc
 dad477d1ffb355e1ac1369bcf7db71191934e522 17174 shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz
 6157a3ac29a690e2f101b0c12a10529e288e16ff 220864 libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb
 113729fbcf810d73f5d7753d4271edcdc7327044 830196 libshibsp1_2.0.dfsg1-4+lenny2_i386.deb
 64bc8e4cb5e28c7b9c27c653610f89bc95348842 39896 libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb
 04a3b0e61d42a907d1d6e88e3bb1861d8ce1267d 258520 libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb
 b40193580e293f55615725842ad7b82161da1a3d 15434 shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb
Checksums-Sha256:
 6edb0f338c28b192460cc8cec1f9f7d82f8a4a52cf255b9b11a58b73595bf06c 1672 shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc
 384e32555b4b6f4d34b3f41c926695a820693b8830c8d5ab7723c4bf6ab8d46d 17174 shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz
 1b9c50e7ad0dfb0aec5a581a94e5d2432a1c3ce335f6ecd575f6054ebd76dcc9 220864 libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb
 421565214eb1c4a5f559435e6c64f3967799b649c741544fd4958d675d2736f8 830196 libshibsp1_2.0.dfsg1-4+lenny2_i386.deb
 789042c0627075c7420066e3c7d5418b9e12052282e2557ea68e36430f391892 39896 libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb
 abdf8e5c973a8a1a4e6123f57a6b55bd5dd0f866fbbaab6786ffdf870dcd8c35 258520 libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb
 5279cdb700033339ad6a36d635016efe6b541d088d1966e21d45376ea2288a75 15434 shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb
Files:
 7cef2a57583d84e46a214475c4a25393 1672 web extra shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc
 b9b0333f56c573d4a7f9bf608cbc4a89 17174 web extra shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz
 e29f350428d1b68225d7c8ba7cd3a1ae 220864 web extra libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb
 69baa4d5223c2de49c11efb1f5221a60 830196 libs extra libshibsp1_2.0.dfsg1-4+lenny2_i386.deb
 92ee9791f3230e4ea0af774d21f94168 39896 libdevel extra libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb
 39b8bdad69f6bfa31730c459da5b575c 258520 doc extra libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb
 4f601fe9b3886b22316a141e01e707a6 15434 text extra shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkscIOoACgkQ+YXjQAr8dHay2QCfbNmSi8+/Nsl6nVXadIZeDqeg
ws0AoJ2Hhj1qyu8YHCpBGiggqecdMYKK
=RTho
-----END PGP SIGNATURE-----

Ferenc Wagner (1):
      Backport fix of CVE-2009-3300 for SP

Russ Allbery (2):
      Bump shlibs and libtool versioning for the libshibsp change
      Include a description of the security issue in the changelog

-----------------------------------------------------------------------

-- 
Debian packaging for the 2.0 Apache Shibboleth SP



More information about the Pkg-shibboleth-devel mailing list