[SCM] Debian packaging for OpenSAML 2.0 branch, squeeze, created. debian/2.3-2+squeeze1

Leif Johansson leifj at mnt.se
Mon Jul 25 17:25:02 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/25/2011 07:21 PM, Russ Allbery wrote:
> The branch, squeeze has been created
>         at  55c0065978204279aa3e44685e23311c4977d8a7 (commit)
> 
> - Shortlog ------------------------------------------------------------
> commit 55c0065978204279aa3e44685e23311c4977d8a7
> Author: Russ Allbery <rra at debian.org>
> Date:   Fri Jul 22 19:08:06 2011 -0700
> 
>     Add upstream patch for "wrapping attack" vulnerability
>     
>     * Fix vulnerability to a "wrapping attack" that could allow a remote,
>       unauthenticated attacker to craft messages that can be successfully
>       verified but contain arbitrary content.  This may allow an attacker to
>       subvert the security of software using OpenSAML and supply an
>       unauthenticated login identity and data under the guise of a trusted
>       issuer.  (CVE-2011-1411)

Thank you Russ!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4tpu0ACgkQ8Jx8FtbMZncj3wCePrFGnm8uSop/Tn5Zxsyru6ca
njIAoLNrTMSHNZwaOrE8J0SSnLcEgGO+
=UnQX
-----END PGP SIGNATURE-----



More information about the Pkg-shibboleth-devel mailing list