Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use="signing" are broken

Scott Cantor cantor.2 at osu.edu
Tue Oct 6 21:58:54 UTC 2009

Russ Allbery wrote on 2009-10-06:
> Ack, I'm sorry.  I didn't realize that, so yes, that will indeed be a
> problem.

Sorry, I didn't understand that the fixes were being published separately, since I was reviewing them simultaneously.

As it stands, I see now that the advisory I wrote should make this issue clearer, since it also mistakenly implies the libraries can be fixed without rebuilding the SP.

> Unfortunately, I'm both sick at the moment and my main computer is
> dead with hardware failure, so I can't easily pursue it at the moment.
> If someone else could, that would be great.  I had proposed the needed
> changes for opensaml2 for the next stable update, but didn't get a reply
> from the bug filed against release.debian.org.  In this case, it may be
> best to ask team at security.debian.org whether this update should instead
> be done via the security queue since having the xmltooling fix without
> the opensaml2 fix breaks the package.

Let me know if I can help.

-- Scott

More information about the Pkg-shibboleth-devel mailing list