CVE for upcoming ODBC issue in Shibboleth SP
Ferenc Wágner
wferi at debian.org
Wed Sep 3 16:43:02 BST 2025
"Cantor, Scott via Pkg-shibboleth-devel"
<pkg-shibboleth-devel at alioth-lists.debian.net> writes:
> There's a patch coming today (tomorrow latest) for an ODBC issue in
> the SP. The reporter was planning to get a CVE but I told them I'd
> have you all issue it out of Debian as you usually do to avoid
> duplication.
Hi Scott,
I asked the Debian Security Team to allocate a CVE ID for the upcoming
issue. They only do that for yet-undisclosed issues, so the timing is a
bit tight, though; we'll see. On the other hand Debian is perfectly
happy to use CVE IDs allocated by other parties, so feel free to accept
an ID from the reporter next time. As long as you include it in your
advisory, nobody should allocate new ones.
--
Regards,
Feri.
More information about the Pkg-shibboleth-devel
mailing list