Bug#780383: libopensaml2-java: CVE-2015-1796
Emmanuel Bourg
ebourg at apache.org
Fri Mar 13 09:42:41 UTC 2015
Hi Salvatore,
Thank you for the report. Looking at the commit r1680 mentioned on the
security tracker I fail to see how it addresses the vulnerability
described. I suspect this is actually a vulnerability in a dependency
shared by opensaml and idp (maybe xmltooling which contains the
PKIXValidationInformationResolver class, or shib-common with a recent
commit referring to the same SIDP-624 issue [1]).
Emmanuel Bourg
[1] http://svn.shibboleth.net/view/java-shib-common?view=revision&revision=1125