Bug#793855: DoS, Shibboleth SP software crashes on well-formed but invalid XML (CVE-2015-0851)
Luca Bruno
lucab at debian.org
Tue Jul 28 10:24:30 UTC 2015
On Tuesday 28 July 2015 12:15:43 Ferenc Wagner wrote:
> We're already working on this with the Security Team. I wonder if I
> should prepare new packages (for {wheezy,jessie}-security) with the
> changelogs closing this bug. Or should it be closed by the unstable
> upload of 1.5.5? The proposed security uploads can be found at
> http://apt.niif.hu/CVE-2015-0851/.
Ok, just follow up with the Security Team then, they'll point you through the
correct path.
I just filed this bug today as I realized the issue has been initially labeled
with a wrong CVE and seemed to be untracked.
Cheers, Luca
--
.''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso)
: :' : The Universal O.S. | lucab (AT) debian.org
`. `'` | GPG: 0xBB1A3A854F3BBEBF
`- http://www.debian.org | Debian GNU/Linux Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/attachments/20150728/48cfb322/attachment.sig>
More information about the Pkg-shibboleth-devel
mailing list