[SCM] Debian packaging for OpenSAML 2.0 branch, squeeze, created. debian/2.3-2+squeeze1

Russ Allbery rra at debian.org
Mon Jul 25 17:21:08 UTC 2011


The branch, squeeze has been created
        at  55c0065978204279aa3e44685e23311c4977d8a7 (commit)

- Shortlog ------------------------------------------------------------
commit 55c0065978204279aa3e44685e23311c4977d8a7
Author: Russ Allbery <rra at debian.org>
Date:   Fri Jul 22 19:08:06 2011 -0700

    Add upstream patch for "wrapping attack" vulnerability
    
    * Fix vulnerability to a "wrapping attack" that could allow a remote,
      unauthenticated attacker to craft messages that can be successfully
      verified but contain arbitrary content.  This may allow an attacker to
      subvert the security of software using OpenSAML and supply an
      unauthenticated login identity and data under the guise of a trusted
      issuer.  (CVE-2011-1411)

-----------------------------------------------------------------------

-- 
Debian packaging for OpenSAML 2.0



More information about the Pkg-shibboleth-devel mailing list