[SCM] Debian packaging for OpenSAML 2.0 branch, squeeze, created. debian/2.3-2+squeeze1
Russ Allbery
rra at debian.org
Mon Jul 25 17:21:08 UTC 2011
The branch, squeeze has been created
at 55c0065978204279aa3e44685e23311c4977d8a7 (commit)
- Shortlog ------------------------------------------------------------
commit 55c0065978204279aa3e44685e23311c4977d8a7
Author: Russ Allbery <rra at debian.org>
Date: Fri Jul 22 19:08:06 2011 -0700
Add upstream patch for "wrapping attack" vulnerability
* Fix vulnerability to a "wrapping attack" that could allow a remote,
unauthenticated attacker to craft messages that can be successfully
verified but contain arbitrary content. This may allow an attacker to
subvert the security of software using OpenSAML and supply an
unauthenticated login identity and data under the guise of a trusted
issuer. (CVE-2011-1411)
-----------------------------------------------------------------------
--
Debian packaging for OpenSAML 2.0
More information about the Pkg-shibboleth-devel
mailing list