Security fix diffs for 1.3.x
Russ Allbery
rra at debian.org
Fri Nov 6 21:58:57 UTC 2009
"Scott Cantor" <cantor.2 at osu.edu> writes:
> The diffs related to the security fix for v1.3.5 of the SP should be
> captured by these two sets:
> http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=3142
> http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=3184
> The former change isn't part of the fix per se, but is a change required to
> ensure the SP doesn't generate any redirects that the fix would reject, so
> has to be included.
> The general model for this fix is a partial template for what might be
> done to the 2.x SP to avoid the soname changes, namely duplicating a
> checking function across every module/filter.
Just to double-check, no changes are required for the opensaml 1.x
library, correct? The change is only in the shibboleth-sp package?
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-shibboleth-devel
mailing list