Bug#793855: DoS, Shibboleth SP software crashes on well-formed but invalid XML (CVE-2015-0851)

Luca Bruno lucab at debian.org
Tue Jul 28 10:24:30 UTC 2015

On Tuesday 28 July 2015 12:15:43 Ferenc Wagner wrote:
> We're already working on this with the Security Team.  I wonder if I
> should prepare new packages (for {wheezy,jessie}-security) with the
> changelogs closing this bug.  Or should it be closed by the unstable
> upload of 1.5.5?  The proposed security uploads can be found at
> http://apt.niif.hu/CVE-2015-0851/.

Ok, just follow up with the Security Team then, they'll point you through the 
correct path.

I just filed this bug today as I realized the issue was initially labeled 
with a wrong CVE and seemed to be untracked.

Cheers, Luca

 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`                          | GPG: 0xBB1A3A854F3BBEBF
  `-     http://www.debian.org 	| Debian GNU/Linux Developer