Bug#987608: shibboleth-sp: Session recovery feature contains a null pointer deference

Salvatore Bonaccorso carnil at debian.org
Tue Apr 27 07:46:22 BST 2021


On Tue, Apr 27, 2021 at 08:16:52AM +0200, wferi at debian.org wrote:
> Salvatore Bonaccorso <carnil at debian.org> writes:
> > MITRE has assigned CVE-2021-31826 for this issue.
> Thanks.  I guess you don't want a new security upload for this, but I'll
> certainly include it in the changelog of the unstable upload.  (And in
> the changelog of the next security upload, whenever that happens.)

Yes exactly, there is no need to reject the package and reupload with
the CVE identifier added, it is all enough how it is so far, we will
just add it the the DSA itself.

So all fine.


More information about the Pkg-shibboleth-devel mailing list