Bug#1100464: opensaml: Parameter manipulation allows the forging of signed SAML messages
Cantor, Scott
cantor.2 at osu.edu
Fri Mar 14 13:43:42 GMT 2025
> Apologies, this was second hand information and probably incorrect.
I think this referred to the 3.3.1 RPM package provided by shibboleth.net.
FWIW I think the relevant upstream commit is
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee
but I haven't tested this in any way.
--
Niko Tyni ntyni at debian.org