[ubuntu/focal-security] shibboleth-sp 3.0.4+dfsg1-1ubuntu0.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Apr 22 21:53:46 UTC 2021
shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high
* SECURITY UPDATE: Fix a phishing vulnerability: Template generation
allows external parameters to override placeholders (LP: #1919419)
- debian/patches/SSPCPP-922-Add-externalParameters-option-to-Errors-
element.patch: Add externalParameters option to Errors element
- https://shibboleth.net/community/advisories/secadv_20210317.txt
- https://issues.shibboleth.net/jira/browse/SSPCPP-922
- CVE-2021-28963
Date: 2021-03-31 06:01:09.111768+00:00
Changed-By: Etienne Dysli Metref <etienne.dysli-metref at switch.ch>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/shibboleth-sp/3.0.4+dfsg1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list