Proposed security patch for opensaml2

Scott Cantor cantor.2 at osu.edu
Wed Sep 23 01:38:38 UTC 2009


Russ Allbery wrote on 2009-09-22:
> This one is much smaller.  I think this is all that's required for the 2.x
> series.  (I'm working on security patches for the 1.x series now.)

I'll start here since it's a smaller set.

The fix for the "use" bug is the diff you included to
MetadataCredentialCriteria.h, so you're good there.

>    * Include fix for https://bugs.internet2.edu/jira/browse/CPPOST-7

This bug is something different and is not really a security fix, more an
interop thing. Are you including it? If so, I didn't see that diff included,
so I wasn't sure.
 
-- Scott





More information about the Pkg-shibboleth-devel mailing list