Proposed security patch for xmltooling

Scott Cantor cantor.2 at osu.edu
Wed Sep 23 01:58:51 UTC 2009


Russ Allbery wrote on 2009-09-22:
> Here is what I currently have for xmltooling.  Scott, if you could look
> this over when you get a chance and let me know if you think I got it all,
> that would be great.

This looks complete (minus the UTF-8 encoding fix you mentioned).

This fix, however:

> diff --git a/xmltooling/util/URLEncoder.h b/xmltooling/util/URLEncoder.h

...is not really a security fix per se, I think it came in as a complaint
that some URLs containing commas were causing problems when stored in
cookies. Just a vanilla bug (though a very simple fix).

I can't even find the actual issue, which may mean I forgot to file one at
the time.

-- Scott





More information about the Pkg-shibboleth-devel mailing list