Bug#1100464: opensaml: Parameter manipulation allows the forging of signed SAML messages

[Cantor, Scott]

> Apologies, this was second hand information and probably
> incorrect. I think this referred to the 3.3.1 RPM package
> provided by shibboleth.net.

That is correct.

> FWIW I think the relevant upstream commit is

Also correct. It probably applies to most older versions, but probably less cleanly the farther back one goes.

-- Scott