[ubuntu/jaunty-security] opensaml2, opensaml2 (delayed) 2.0-2+lenny2build0.9.04.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Sun Jan 31 01:03:30 GMT 2010 

opensaml2 (2.0-2+lenny2build0.9.04.1) jaunty-security; urgency=low

  * fake sync from Debian

opensaml2 (2.0-2+lenny2) stable-security; urgency=high

  * SECURITY: Partial fix for improper handling of URLs that could be
    abused for script injection and other cross-site scripting attacks.
    The complete fix also requires a newer shibboleth-sp2 package.
    (CVE-2009-3300)

opensaml2 (2.0-2+lenny1) stable-security; urgency=high

  * SECURITY: Correctly honor the "use" attribute of <KeyDescriptor> SAML
    metadata to honor restrictions to signing or encryption.  This is a
    partial fix; the complete fix also requires a new version of the
    xmltooling library.
    See <http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt>

Date: Sat, 30 Jan 2010 10:45:34 -0800
Changed-By: Kees Cook <kees at ubuntu.com>
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
https://launchpad.net/ubuntu/jaunty/+source/opensaml2/2.0-2+lenny2build0.9.04.1
-------------- next part --------------
Format: 1.8
Date: Sat, 30 Jan 2010 10:45:34 -0800
Source: opensaml2
Binary: libsaml2 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source
Version: 2.0-2+lenny2build0.9.04.1
Distribution: jaunty-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 libsaml2   - Security Assertion Markup Language library (runtime)
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes: 
 opensaml2 (2.0-2+lenny2build0.9.04.1) jaunty-security; urgency=low
 .
   * fake sync from Debian
 .
 opensaml2 (2.0-2+lenny2) stable-security; urgency=high
 .
   * SECURITY: Partial fix for improper handling of URLs that could be
     abused for script injection and other cross-site scripting attacks.
     The complete fix also requires a newer shibboleth-sp2 package.
     (CVE-2009-3300)
 .
 opensaml2 (2.0-2+lenny1) stable-security; urgency=high
 .
   * SECURITY: Correctly honor the "use" attribute of <KeyDescriptor> SAML
     metadata to honor restrictions to signing or encryption.  This is a
     partial fix; the complete fix also requires a new version of the
     xmltooling library.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt>
Checksums-Sha1: 
 59a325483ce28cba07a50b174193b6b21a9d299b 1540 opensaml2_2.0-2+lenny2build0.9.04.1.dsc
 2c3015151d764a7316092aaab9a4843e9c2e3631 7827 opensaml2_2.0-2+lenny2build0.9.04.1.diff.gz
Checksums-Sha256: 
 e0931cd661747b41ed79fda8248241cffc574cff3d99fc9158716d59c6d40a82 1540 opensaml2_2.0-2+lenny2build0.9.04.1.dsc
 198c474d1a75fb64997fc94cda3933fc6f9848042c97c200fb672ab095255613 7827 opensaml2_2.0-2+lenny2build0.9.04.1.diff.gz
Files: 
 0c46b89de3ee058316a386967f30139f 1540 libs extra opensaml2_2.0-2+lenny2build0.9.04.1.dsc
 e286135be2a65f09a829aeeeb0e0af30 7827 libs extra opensaml2_2.0-2+lenny2build0.9.04.1.diff.gz

More information about the Jaunty-changes mailing list