[ubuntu/lucid-security] opensaml2 2.3-1ubuntu0.1 (Accepted)

Joshua Daniel Franklin joshuadfranklin at yahoo.com
Wed Aug 10 17:03:35 UTC 2011 

opensaml2 (2.3-1ubuntu0.1) lucid-security; urgency=high

  * SECURITY UPDATE: Fix vulnerability to a "wrapping attack" that could
    allow a remote, unauthenticated attacker to craft messages that can be
    successfully verified but contain arbitrary content.  This may allow
    an attacker to subvert the security of software using OpenSAML and
    supply an unauthenticated login identity and data under the guise of a
    trusted issuer. (LP: #817199)
    - Patch obtained from Debian (2.3-2+squeeze1)
    - CVE-2011-1411

Date: Thu, 28 Jul 2011 14:50:45 -0700
Changed-By: Joshua Daniel Franklin <joshuadfranklin at yahoo.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/opensaml2/2.3-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 28 Jul 2011 14:50:45 -0700
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source
Version: 2.3-1ubuntu0.1
Distribution: lucid-security
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Joshua Daniel Franklin <joshuadfranklin at yahoo.com>
Description: 
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Launchpad-Bugs-Fixed: 817199
Changes: 
 opensaml2 (2.3-1ubuntu0.1) lucid-security; urgency=high
 .
   * SECURITY UPDATE: Fix vulnerability to a "wrapping attack" that could
     allow a remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content.  This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of a
     trusted issuer. (LP: #817199)
     - Patch obtained from Debian (2.3-2+squeeze1)
     - CVE-2011-1411
Checksums-Sha1: 
 68f4d6dfffc5475c5136c053e35843454addbb8a 2199 opensaml2_2.3-1ubuntu0.1.dsc
 bf40bf95c651cf7b70f3a3db7cc9335aca222aec 8717 opensaml2_2.3-1ubuntu0.1.diff.gz
Checksums-Sha256: 
 dc37ab2634c4f92adbb578b759187156b39e976a4c298c7c46240ae1ac1404d5 2199 opensaml2_2.3-1ubuntu0.1.dsc
 5b02901c51c97cedae896fdc7f5ba1f3164f906ff6d0669609d9096dd50ef366 8717 opensaml2_2.3-1ubuntu0.1.diff.gz
Files: 
 011c37dad2bfcf4245f31e3b3a38bdd2 2199 libs extra opensaml2_2.3-1ubuntu0.1.dsc
 7473ae1e22544d89342d4b8c8d254a3a 8717 libs extra opensaml2_2.3-1ubuntu0.1.diff.gz
Original-Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>

More information about the Lucid-changes mailing list