Processed: limit source to shibboleth-sp2, tagging 555608

[Debian Bug Tracking System]

Processing commands for control at bugs.debian.org:

> #shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
> #
> #  * New upstream release.
> #    - SECURITY: Partial fix for improper handling of URLs that could be
> #      abused for script injection and other cross-site scripting attacks.
> #      The complete fix also requires newer xmltooling and opensaml2
> #      packages.  (Closes: #555608, CVE-2009-3300)
> #    - Avoid shibd crash on dead memcache server.
> #    - Pass the affiliation name to the session initiator.
> #    - Correctly handle a bogus ACS.
> #    - Allow overriding the URL that's passed to the DS.
> #    - Add schema types for new attribute decoders introduced in 2.2.
> #    - Handle success with partial logout in the logout UI code.
> #    - Fix POST data preservation with empty parameters and empty forms.
> #    - Fix SAML 1 specification of attributes in the query plugin.
> #    - Shorten ePTId-type persistent identifiers.
> #    - Use an ID rather than a whole doc reference for generated metadata.
> #    - Fix spelling of scopeDelimiter in the configuration parser, making
> #      the code and documentation match the schema.
> #
> limit source shibboleth-sp2
Limiting to bugs with field 'source' containing at least one of 'shibboleth-sp2'
Limit currently set to 'source':'shibboleth-sp2'

> tags 555608 + pending
Bug #555608 [shibboleth-sp2] CVE-2009-3300
Added tag(s) pending.
>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)