Security fixes for opensaml2 and xmltooling
Florian Weimer
fw at deneb.enyo.de
Wed Sep 23 19:24:29 UTC 2009
* Russ Allbery:
>> Could you check which packages in Debian instantiate
>> MetadataCredentialCriteria objects?
>
> Thankfully, there's only one reverse dependency of opensaml2, namely
> shibboleth-sp2.
Thanks for investigating.
I'm not sure if the opensaml2 part has to go through security-master.
If we fix this part through stable-proposed-updates, we should be able
to get the fix for shibboleth-sp2 by requesting a binNMU.
What do you think?
More information about the Pkg-shibboleth-devel
mailing list