Bug#794851: CVE-2015-0851: shibboleth-sp2 needs to be rebuilt against new xmltooling

Alessandro Ghedini ghedo at debian.org
Sat Aug 8 10:24:05 UTC 2015

Control: found -1 opensaml2/2.4.3-4
Control: fixed -1 opensaml2/2.4.3-4+deb7u1
Control: fixed -1 opensaml2/2.5.3-2+deb8u1

On Fri, Aug 07, 2015 at 12:36:18pm +0200, Sergio Gelato wrote:
> Package: opensaml2
> Version: 2.5.3-2
> Severity: serious
> Tags: security
> The upstream security advisory for CVE-2015-0851 (see #793855) states
> in part: "Correcting this bug requires that the OpenSAML library be
> rebuilt against the corrected version of the XMLTooling-C library,
> which is normally assured by obtaining updates to both."

Yes, sorry for the delay. I just released fixed opensaml2 packages for wheezy
and jessie security.

Given that unstable is still vulnerable (since a fixed xmltooling version
hasn't been uploaded yet), I'll leave this open for now.
