Security fix diffs for 1.3.x

Russ Allbery rra at
Fri Nov 6 22:33:09 UTC 2009

"Scott Cantor" <cantor.2 at> writes:

> Not as part of this fix.

> There is a separate fix that I implemented for this patch release that
> addresses a bug that caused crashes. Technically it's a DoS vector, but
> I didn't do an advisory for it as it's not new, not a secret, and there
> are DoS avenues in this sort of stuff all the time. I just fixed it
> because I had the chance to, and I realized it was a smaller fix than I
> thought.

> Anyway, that fix included a small change to opensaml that I released as
> 1.1.4, but it's not part of this bug. If you want that patch set, I can
> provide it.

Thanks -- I think I'll leave that alone for the time being at least.  If I
have time later on, I can see about doing a stable update containing that
fix, but it sounds like a low priority at the moment.

Russ Allbery (rra at               <>

More information about the Pkg-shibboleth-devel mailing list