Bug#881857: add CVE

Cantor, Scott cantor.2 at osu.edu
Fri Nov 17 17:18:50 UTC 2017

On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner" <pkg-shibboleth-devel-bounces+cantor.2=osu.edu at lists.alioth.debian.org on behalf of wferi at niif.hu> wrote:

> Now, this is still ongoing:
> https://release.debian.org/transitions/html/auto-xerces-c.html
> The upstream fixes for this issue appeared as new patch level releases
> for XMLTooling (1.6.2), OpenSAML (2.6.1) and the SP (2.6.1).  Shall I
> wait for the transition to finish before uploading them?

Sorry if I'm misinterpreting, but is this a source level issue or just a question of ABI/build decision? SP 2.6.0/etc. definitely should build against Xerces 3.2, and probably many older SP versions would also. But if you're just referring to what they were built with in Debian packaging cases to date, disregard.

-- Scott

More information about the Pkg-shibboleth-devel mailing list