[SCM] Debian packaging for OpenSAML 2.0 annotated tag, debian/2.0-2+lenny3, created. debian/2.0-2+lenny3

Russ Allbery rra at debian.org
Mon Jul 25 17:14:54 UTC 2011


The annotated tag, debian/2.0-2+lenny3 has been created
        at  2667acdb3579ac16c2d6a772c2b21ac0e69466cc (tag)
   tagging  cb36d7846c3bbca3737584f5d089dffb9a124dda (commit)
  replaces  debian/2.0-2+lenny2
 tagged by  Russ Allbery
        on  Sat Jul 23 15:18:55 2011 -0700

- Shortlog ------------------------------------------------------------
Debian release 2.0-2+lenny3

Format: 1.8
Date: Fri, 22 Jul 2011 19:43:05 -0700
Source: opensaml2
Binary: libsaml2 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source i386 all
Version: 2.0-2+lenny3
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libsaml2   - Security Assertion Markup Language library (runtime)
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.0-2+lenny3) oldstable-security; urgency=high
 .
   * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
     remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content.  This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of a
     trusted issuer.  (CVE-2011-1411)
Checksums-Sha1:
 3698ca4b41b7d4b5547a1db2a2fe22d792373fe1 1744 opensaml2_2.0-2+lenny3.dsc
 38e08fa5afcd72d406c93afa37ad07f9431d9495 8654 opensaml2_2.0-2+lenny3.diff.gz
 8f2e5f935a165f7379f14dc5995b5d3bf744d893 1084074 libsaml2_2.0-2+lenny3_i386.deb
 4dff0075300929cbb1e2c42d7726997e1c9bc8fe 44994 libsaml2-dev_2.0-2+lenny3_i386.deb
 af8e6a8b66ce568004b7ed2ca0a660140e1878b2 27464 opensaml2-tools_2.0-2+lenny3_i386.deb
 c39ad4621e2f141df3be60c6a51a6c223719eb5e 25962 opensaml2-schemas_2.0-2+lenny3_all.deb
 80f85dd427c2871dd873e22df067cf073232a8d5 366358 libsaml2-doc_2.0-2+lenny3_all.deb
Checksums-Sha256:
 9683ce31281a9faeb98dd1df423cc1b81fb5f7fb0b04c8e5e68a071af956ba41 1744 opensaml2_2.0-2+lenny3.dsc
 e184cd8d548d16904ac8a881b93fac10ac8cea0e79ce222c2f084ad36051e438 8654 opensaml2_2.0-2+lenny3.diff.gz
 51d402f868f589d262046a938f8e439516fe150e43ce943a54c311a5dc53719e 1084074 libsaml2_2.0-2+lenny3_i386.deb
 03e1996aa6328274aa90785ff74f5a3a2773c4d52129c0ea0ef7375d9a0c021e 44994 libsaml2-dev_2.0-2+lenny3_i386.deb
 1db7bedd9d825b8f251fbf74a81a5d45c2580f2d94f412a73d4e3f7f0eb1003a 27464 opensaml2-tools_2.0-2+lenny3_i386.deb
 d6a78d5f2f029e6727cecc297206a106391bc6632c8a770587161f4cbed91012 25962 opensaml2-schemas_2.0-2+lenny3_all.deb
 22b047c1d7bb01f37c6806f732f641fc221dd49841903bd60a282b60b59a2f3c 366358 libsaml2-doc_2.0-2+lenny3_all.deb
Files:
 ca6018fdbf74c5c2ea47410ec1f90512 1744 libs extra opensaml2_2.0-2+lenny3.dsc
 1bd34f3f9c5a436d115365f2c7e59bbb 8654 libs extra opensaml2_2.0-2+lenny3.diff.gz
 6bcc2b7fec5cf6f0df71c95aa970224f 1084074 libs extra libsaml2_2.0-2+lenny3_i386.deb
 ff45fbcc71fb5bc728a24801def50a5b 44994 libdevel extra libsaml2-dev_2.0-2+lenny3_i386.deb
 0a1ef38876f62e86e447bd8006d6abf4 27464 text extra opensaml2-tools_2.0-2+lenny3_i386.deb
 1680b60ca5b5acd8e17eb0df8200a858 25962 text extra opensaml2-schemas_2.0-2+lenny3_all.deb
 ef9f9fcff4eacf8f164f5416239a5b67 366358 doc extra libsaml2-doc_2.0-2+lenny3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAABCAAGBQJOK0jeAAoJEH2AMVxXNt51IP4IALsTfXhzWsxFFxfJQQiDoUZY
tV8g9QijFL5N75AwPjhjSXmzi+bTH+Fsqz41t9T3nbB6lptoCPsi0061giPGr6EO
8kpNffIZklvf+eSR6lNE/yvZ52CEtrWHa0d4aIYxroQSoAR8S9OTaaMm1BtlRHSR
/J6k4lgTsAIC8DzGW6PHUk7Vv+O7xXkzvR2vJg9SuwJfw4GpqrgBSqc+lP0xouzt
9iYdWPgNU48ER7bl2tijVrVvEjFKbcb5k6DvM5Q0DDyGedtMsnFdrgzub5HLW6lO
aLzoqYz29R078/NE48mwsF0d6Q+0POPMqi36wCl6brv10enMnGribqrkcT1JUEY=
=f4dS
-----END PGP SIGNATURE-----

Russ Allbery (1):
      Add upstream patch for "wrapping attack" vulnerability

-----------------------------------------------------------------------

-- 
Debian packaging for OpenSAML 2.0



More information about the Pkg-shibboleth-devel mailing list