shibboleth-sp_3.2.2+dfsg1-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Apr 28 21:19:04 BST 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 27 Apr 2021 12:11:06 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi at debian.org>
Closes: 987608
Changes:
shibboleth-sp (3.2.2+dfsg1-1) unstable; urgency=high
.
* [e44283d] New upstream release: 3.2.2
High urgency because it fixes CVE-2021-31826:
Session recovery feature contains a null pointer dereference
The cookie-based session recovery feature added in V3.0 contains a
flaw that is exploitable on systems *not* using the feature if a
specially crafted cookie is supplied.
This manifests as a crash in the shibd daemon.
Because it is very simple to trigger this condition remotely, it
results in a potential denial of service condition exploitable by
a remote, unauthenticated attacker.
Thanks to Scott Cantor (Closes: #987608)
* [3a6ac33] Refresh our patches
Checksums-Sha1:
51abae0103692c6eb756a0684f956236c766bab3 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
15d60364156cd8fd2c60db273cba85f5c28bc075 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
f185a257f713b667f861b0cbc83f9270618a84c9 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
cb8f6304381f00faa35b8480e962b646d25065cb 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
b855713cb278c5d8051cfb248ad7245f58d7182470e8b6c9dec2552697a85fdf 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
14d0d2ca03adf44c77ed5e8738d537dbe6e9abe5a3d6f15d403f9b00964c9f00 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
6a4d64544ff5f1bf8028b7ba87519ad50237f52ee157aa4d0138dcab542aef0d 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
7f83a25d57dc84136dba59d6941a4e717d6c03c44121e26054cf2b7d37edddec 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Files:
23f42f6e2552fce639ed5a19ef8a5ce5 2891 web optional shibboleth-sp_3.2.2+dfsg1-1.dsc
52199338ebf5612425cb2a076c1b7f70 640648 web optional shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
a60eb96d9fa7c1fa10b31365c9614184 42116 web optional shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
7487cb96684d3aa30e30d25d8200fa62 13102 web optional shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmCH9WMACgkQOsj3Fkd+
2yOUjBAAkTTaEeeh23gfgCn7o/T9iYso3kd/tI9ek0PGUK0OCnu9ZKZam4fu77Pp
3soyFSzj3Ac2y/cxEv3tDvDPtfikyOe//1/vf3brmJdCcl1IBNLb5ZqnsdpQr3vW
4aa4PKjtbSWnze8aRYicWGCFiCZUpbijZJbPlqcQIwBBELE5Zr95wAMywGYbBoK6
ZDrTWM3InwiTYLNmTwy+ZVPvp+SdvsAX3QYWwGe/4j4oU6kJyCf1VsRHddGMiQBM
KSJqucmMxCSE46ACN/9v686mxEOaXsN9XQQvfrapjLSHWM8iFeuySvdGp57EjJ8I
4Fm7po7x+yFKeOPv/42GSYUE+iPgVvkCtXgtBobscvB5/Q3e/cgx5n2A6QY9w7Kt
juglbnq5/FaN4bO5SazFg9/uXEZzqK8Ap1srqUYZlXCNroR22O5Ecs0rYhlaDldD
zxGpyj0UYlYENTNXHkf34yVTfnB9JE8y2Uaz/Uj25pVvs+thU+Vt5LebaSS5v/bj
mlMxdOJ5MY02HvVnIREA/6cf93tBC61alTeP5w1ZMX3YL37plTIR5sTUapY05oIS
gMlJd+CVWgdVG2ekn9WPtPyyqiJW87n1npS4DYJcJjoDfNbOvhN7wuZ8PNzKc1XA
FDpLmG1+WN0NshIyOjH/4P3HzozIBy5qNeWXm3zBRPr7AtUJScE=
=Ty2B
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-shibboleth-devel
mailing list