backporting CVE-2009-3300 fixes to 2.0

Scott Cantor cantor.2 at osu.edu
Thu Nov 5 20:33:06 UTC 2009


Ferenc Wagner wrote on 2009-11-05:
> Oh.  I was misled by the "security" component, which isn't a tag,
> really.  My bad.

No, those are just functional categories. The security bugs are labeled as
Vulnerability Level and are restricted from access. They should be viewable
once closed, seems to me, but Jira doesn't really allow that, so we'd have
to edit them to lower the level after resolution, and then we lose track.

>> I didn't want to flood people with information prematurely, but I can send
>> you the diffs related to this bug across all three projects.
> 
> Please do so, that may help finding the best solution.

I'll pull the svn links together and send them in a new thread as soon as I
have time.

-- Scott





More information about the Pkg-shibboleth-devel mailing list