Processed: limit source to shibboleth-sp2, tagging 555608
Debian Bug Tracking System
owner at bugs.debian.org
Thu Nov 12 19:36:14 UTC 2009
Processing commands for control at bugs.debian.org:
> #shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
> # * New upstream release.
> # - SECURITY: Partial fix for improper handling of URLs that could be
> # abused for script injection and other cross-site scripting attacks.
> # The complete fix also requires newer xmltooling and opensaml2
> # packages. (Closes: #555608, CVE-2009-3300)
> # - Avoid shibd crash on dead memcache server.
> # - Pass the affiliation name to the session initiator.
> # - Correctly handle a bogus ACS.
> # - Allow overriding the URL that's passed to the DS.
> # - Add schema types for new attribute decoders introduced in 2.2.
> # - Handle success with partial logout in the logout UI code.
> # - Fix POST data preservation with empty parameters and empty forms.
> # - Fix SAML 1 specification of attributes in the query plugin.
> # - Shorten ePTId-type persistent identifiers.
> # - Use an ID rather than a whole doc reference for generated metadata.
> # - Fix spelling of scopeDelimiter in the configuration parser, making
> # the code and documentation match the schema.
> limit source shibboleth-sp2
Limiting to bugs with field 'source' containing at least one of 'shibboleth-sp2'
Limit currently set to 'source':'shibboleth-sp2'
> tags 555608 + pending
Bug #555608 [shibboleth-sp2] CVE-2009-3300
Added tag(s) pending.
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs database)
More information about the Pkg-shibboleth-devel