xml-security-c 2.0.2

Ferenc W√°gner wagner.ferenc at kifu.gov.hu
Wed Nov 7 15:52:19 GMT 2018

"Cantor, Scott" <cantor.2 at osu.edu> writes:

>>> I haven't updated the advisory yet, I'm waiting on the SP release and
>>> that's waiting on whether curl 7.62.0 is too buggy to use or not.
> Also for clarity on the timeline, 7.62.0 has serious regressions but I
> would rather hold off for 7.62.1 than roll back, this is the first
> release that's known to support OpenSSL 1.1 and has TLS 1.3 support so
> I'd like to get it into the next Windows build if possible. But I
> probably can't wait until Thanksgiving, so I'm still monitoring.

Thanks for the info, though I don't think it affects us: backporting the
fix to xml-security-c 1.7 is hopefully enough in Debian-land.

More information about the Pkg-shibboleth-devel mailing list