Plans for Shibboleth SP 2.1 debian packages

Russ Allbery rra at debian.org
Thu Nov 5 17:37:03 UTC 2009


Patrik Schnellmann <patrik.schnellmann at switch.ch> writes:

> Thanks for the backports of Shib 2.2.1, they work well.

> Unfortunately, these packages are outdated already due to a security
> vulnerability as you may be aware:

> http://shibboleth.internet2.edu/secadv/secadv_20091104.txt

> As we use the 2.2.1 packages for productions services, it's important to
> know when the security fixes make it into the debian packages.

> Can you give us an estimation about when updated packages will be
> available?

My guess would be two weeks.  The updated packages are difficult to deploy
because of the SONAME change, so they all have to go through NEW
processing in both Debian and in backports.org.  I'm hoping to start today
with xmltooling, but expect it to take at least two days per package, then
the same for backports.org.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>



More information about the Pkg-shibboleth-devel mailing list