opensaml2_2.3-1_i386.changes is NEW

Archive Administrator installer at
Tue Nov 17 21:41:19 UTC 2009

  to main/o/opensaml2/libsaml2-dev_2.3-1_i386.deb
  to main/o/opensaml2/libsaml2-doc_2.3-1_all.deb
(new) libsaml6_2.3-1_i386.deb extra libs
Security Assertion Markup Language library (runtime)
 OpenSAML is an open source implementation of the OASIS Security Assertion
 Markup Language Specification. It contains a set of open source C++ classes
 that support the SAML 1.0, 1.1, and 2.0 specifications.
 This package contains the files necessary for running applications that
 use the OpenSAML library.
  to main/o/opensaml2/opensaml2-schemas_2.3-1_all.deb
  to main/o/opensaml2/opensaml2-tools_2.3-1_i386.deb
  to main/o/opensaml2/opensaml2_2.3-1.diff.gz
  to main/o/opensaml2/opensaml2_2.3-1.dsc
  to main/o/opensaml2/opensaml2_2.3.orig.tar.gz
Changes: opensaml2 (2.3-1) unstable; urgency=high
  * Urgency set to high for security fix.
  * New upstream release.
    - SECURITY: Partial fix for improper handling of URLs that could be
      abused for script injection and other cross-site scripting attacks.
      The complete fix also requires newer xmltooling and shibboleth-sp2
      packages.  (CVE-2009-3300)
    - Fix crash on assertions with missing SubjectConfirmation.
    - Remove inline functions except for templates or RAII patterns.
    - Remove xml from the inclusive prefix list to avoid bugs in Apache
      Java xmlsec.
    - Honor digest algorithm in whole document signing with empty URI.
  * Rename library package for upstream SONAME bump.
  * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
    depend on libxmltooling-dev 1.3 or later for the fixes for URL
  * Build-depend on libxml-security-c-dev 1.5 or later to ensure
    that all builds are consistent.

Override entries for your package:
libsaml2-dev_2.3-1_i386.deb - extra libdevel
libsaml2-doc_2.3-1_all.deb - extra doc
opensaml2-schemas_2.3-1_all.deb - extra text
opensaml2-tools_2.3-1_i386.deb - extra text
opensaml2_2.3-1.dsc - source libs

Announcing to debian-devel-changes at

Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.

More information about the Pkg-shibboleth-devel mailing list