Security fix diffs for 1.3.x
Russ Allbery
rra at debian.org
Fri Nov 6 22:33:09 UTC 2009
"Scott Cantor" <cantor.2 at osu.edu> writes:
> Not as part of this fix.
> There is a separate fix that I implemented for this patch release that
> addresses a bug that caused crashes. Technically it's a DoS vector, but
> I didn't do an advisory for it as it's not new, not a secret, and there
> are DoS avenues in this sort of stuff all the time. I just fixed it
> because I had the chance to, and I realized it was a smaller fix than I
> thought.
> Anyway, that fix included a small change to opensaml that I released as
> 1.1.4, but it's not part of this bug. If you want that patch set, I can
> provide it.
Thanks -- I think I'll leave that alone for the time being at least. If I
have time later on, I can see about doing a stable update containing that
fix, but it sounds like a low priority at the moment.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-shibboleth-devel
mailing list