stretch-backports of 2.6.1

Ferenc Wágner wferi at
Wed Dec 6 21:00:02 UTC 2017

"Cantor, Scott" <cantor.2 at> writes:

>> Scott, why are you interested in this?  Backporting Xerces 3.2 to stable
>> would be possible, but is this really necessary?
> Essentially because 3.1 is unsupported and contains unfixed vulnerabilities.

That's worrying.  Are you talking about embargoed issues? does
not list anything beyond 3.1.4; if you know about other open security
issues, please share them (either with me privately or directly with the
Debian Security Team, not with this list).

More information about the Pkg-shibboleth-devel mailing list