[SCM] Debian packaging for OpenSAML 2.0 annotated tag, debian/2.3-2+squeeze1, created. debian/2.3-2+squeeze1

Russ Allbery rra at debian.org
Mon Jul 25 17:14:54 UTC 2011 

The annotated tag, debian/2.3-2+squeeze1 has been created
        at  75a1b0889ac64dafe9e1e8efa4602c740841dec6 (tag)
   tagging  55c0065978204279aa3e44685e23311c4977d8a7 (commit)
  replaces  debian/2.3-2
 tagged by  Russ Allbery
        on  Sat Jul 23 15:18:25 2011 -0700

- Shortlog ------------------------------------------------------------
Debian release 2.3-2+squeeze1

Format: 1.8
Date: Fri, 22 Jul 2011 19:07:07 -0700
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source i386 all
Version: 2.3-2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.3-2+squeeze1) stable-security; urgency=high
 .
   * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
     remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content.  This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of a
     trusted issuer.  (CVE-2011-1411)
Checksums-Sha1:
 1a614a7d698aaf3f20e1c3720599f55d405ae142 1774 opensaml2_2.3-2+squeeze1.dsc
 d5b29a25a26a85957379279280b0f530146ec185 926057 opensaml2_2.3.orig.tar.gz
 52979f08453bc78eaaba33a360a2da626a9112e7 8796 opensaml2_2.3-2+squeeze1.diff.gz
 8633a0feadcd04d86021872bbbc66874f95b87f7 1195068 libsaml6_2.3-2+squeeze1_i386.deb
 d725b463360d35e0444ed612c6f8cd32372a2f6c 47924 libsaml2-dev_2.3-2+squeeze1_i386.deb
 d3a9b82af5ca9bbcb76581274f8a6f9293af94cf 26558 opensaml2-tools_2.3-2+squeeze1_i386.deb
 b3a33026f5c30986300369fca310fa50ef04b8b5 28286 opensaml2-schemas_2.3-2+squeeze1_all.deb
 70c022966bbd23f750b4a64892382112d643f7e0 410884 libsaml2-doc_2.3-2+squeeze1_all.deb
Checksums-Sha256:
 3784f235ffc3d6af853622f53932d3fc80e76adb70deda5e81ce7e7e8f993ec3 1774 opensaml2_2.3-2+squeeze1.dsc
 027b3b9a6f5c147dd434d52e674ca238672412595dfa18675a70bafc5495e2fd 926057 opensaml2_2.3.orig.tar.gz
 de46ac0eed6f6ea9ef7a1222760aacc2f62b988e4c13040827edeacb4c31aa54 8796 opensaml2_2.3-2+squeeze1.diff.gz
 5e64d9e98c26634bf025c8341d4bf35c6764d3570e590683b807cd3bf8dd4ff4 1195068 libsaml6_2.3-2+squeeze1_i386.deb
 ee5dc6963621f0adc0561b8aef408364c0d759dbacdb39b35017fc5450f37ae4 47924 libsaml2-dev_2.3-2+squeeze1_i386.deb
 06468aabfdc86cf4e805509db7a1a7d4b4ecf324f082a8f48626e90fe488f0d9 26558 opensaml2-tools_2.3-2+squeeze1_i386.deb
 d4f3e0813ae6497bff9da3d6582bce2b675d24645b5e6e5133c7a77d398abc05 28286 opensaml2-schemas_2.3-2+squeeze1_all.deb
 8adc0728346c358ec413e01cc0762ac4df86f1f736881465b2d9faed5d9a97ac 410884 libsaml2-doc_2.3-2+squeeze1_all.deb
Files:
 69505074de2f4252ba67cd729fb538ca 1774 libs extra opensaml2_2.3-2+squeeze1.dsc
 9695d40cb28519c2cde8211cd1c3dc69 926057 libs extra opensaml2_2.3.orig.tar.gz
 579fb8d8826139a15f1b9cdce95fffcc 8796 libs extra opensaml2_2.3-2+squeeze1.diff.gz
 67a6d395ebde57e975ea6baf53d32454 1195068 libs extra libsaml6_2.3-2+squeeze1_i386.deb
 1a3f283752851bf65fdbb3d5dae9bbe4 47924 libdevel extra libsaml2-dev_2.3-2+squeeze1_i386.deb
 ac620153adbadf7707d5d27bb360a477 26558 text extra opensaml2-tools_2.3-2+squeeze1_i386.deb
 02eb55fa35d25f54d48e17ac74bdd014 28286 text extra opensaml2-schemas_2.3-2+squeeze1_all.deb
 48e3e4a75a0174b999b640431b420c5e 410884 doc extra libsaml2-doc_2.3-2+squeeze1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAABCAAGBQJOK0jCAAoJEH2AMVxXNt51XEYIAJjCzJE5W4yDu+LseWOWqIJH
18GWuY480lBNhV9czJZMnzdOn0AczUFGUcLS9+30+ywuHDPNwA5K2QzehwMhEYJK
+vZOVJnI83vWgvjwOLpuBil5NU8C3gAgNF2eD53gnvm+j33P23+zyEVsDHgbAzq/
gD/1qQHaikWatodzymbynSzhLPLPzPRA3sKsj2frAurowpdE4jKpFdnZWUXbYBCF
SkvXTLTBdPrQQ7IFkmO59gGPDiO787tJWefOiKRP8GjL9xNe7OcZh5marTHHqvJi
dn6q1/sJ8m0q1gZpyIzTrGFmG4+4d3lnMT6bGjzFCNBS7Whcb6Arlm0zjije+ac=
=UoeN
-----END PGP SIGNATURE-----

Russ Allbery (1):
      Add upstream patch for "wrapping attack" vulnerability

-----------------------------------------------------------------------

-- 
Debian packaging for OpenSAML 2.0

More information about the Pkg-shibboleth-devel mailing list