[SCM] Debian packaging for OpenSAML 2.0 branch, squeeze, created. debian/2.3-2+squeeze1
Leif Johansson
leifj at mnt.se
Mon Jul 25 17:25:02 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/25/2011 07:21 PM, Russ Allbery wrote:
> The branch, squeeze has been created
> at 55c0065978204279aa3e44685e23311c4977d8a7 (commit)
>
> - Shortlog ------------------------------------------------------------
> commit 55c0065978204279aa3e44685e23311c4977d8a7
> Author: Russ Allbery <rra at debian.org>
> Date: Fri Jul 22 19:08:06 2011 -0700
>
> Add upstream patch for "wrapping attack" vulnerability
>
> * Fix vulnerability to a "wrapping attack" that could allow a remote,
> unauthenticated attacker to craft messages that can be successfully
> verified but contain arbitrary content. This may allow an attacker to
> subvert the security of software using OpenSAML and supply an
> unauthenticated login identity and data under the guise of a trusted
> issuer. (CVE-2011-1411)
Thank you Russ!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4tpu0ACgkQ8Jx8FtbMZncj3wCePrFGnm8uSop/Tn5Zxsyru6ca
njIAoLNrTMSHNZwaOrE8J0SSnLcEgGO+
=UnQX
-----END PGP SIGNATURE-----
More information about the Pkg-shibboleth-devel
mailing list