Security fixes for opensaml2 and xmltooling
Scott Cantor
cantor.2 at osu.edu
Wed Sep 23 03:04:55 UTC 2009
Russ Allbery wrote on 2009-09-22:
> 2. If you do want to issue an advisory (or even if you consider it
> worthwhile anyway), could you assign CVEs? I don't think these
> problems already have CVEs as Debian and Ubuntu are, so far as I know,
> the only distributions shipping Shibboleth as part of the distribution.
Correct, no CVEs exist. As a point of clarification, is this something an
independent project can coordinate, and should I attempt to do so in the
future?
I wasn't entirely clear from what Daniel told me whether he had anything to
do with the curl CVE or if somebody from Red Hat did it.
-- Scott
More information about the Pkg-shibboleth-devel
mailing list