Proposed security patch for xmltooling
Scott Cantor
cantor.2 at osu.edu
Wed Sep 23 01:58:51 UTC 2009
Russ Allbery wrote on 2009-09-22:
> Here is what I currently have for xmltooling. Scott, if you could look
> this over when you get a chance and let me know if you think I got it all,
> that would be great.
This looks complete (minus the UTF-8 encoding fix you mentioned).
This fix, however:
> diff --git a/xmltooling/util/URLEncoder.h b/xmltooling/util/URLEncoder.h
...is not really a security fix per se, I think it came in as a complaint
that some URLs containing commas were causing problems when stored in
cookies. Just a vanilla bug (though a very simple fix).
I can't even find the actual issue, which may mean I forgot to file one at
the time.
-- Scott
More information about the Pkg-shibboleth-devel
mailing list