[ubuntu/maverick-security] opensaml2 2.3-2+squeeze1build0.10.10.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Fri Jul 29 19:03:57 UTC 2011


opensaml2 (2.3-2+squeeze1build0.10.10.1) maverick-security; urgency=low

  * fake sync from Debian

opensaml2 (2.3-2+squeeze1) stable-security; urgency=high

  * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
    remote, unauthenticated attacker to craft messages that can be
    successfully verified but contain arbitrary content.  This may allow
    an attacker to subvert the security of software using OpenSAML and
    supply an unauthenticated login identity and data under the guise of a
    trusted issuer.  (CVE-2011-1411)

Date: Fri, 29 Jul 2011 08:58:00 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
https://launchpad.net/ubuntu/maverick/+source/opensaml2/2.3-2+squeeze1build0.10.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 29 Jul 2011 08:58:00 -0500
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source
Version: 2.3-2+squeeze1build0.10.10.1
Distribution: maverick-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes: 
 opensaml2 (2.3-2+squeeze1build0.10.10.1) maverick-security; urgency=low
 .
   * fake sync from Debian
 .
 opensaml2 (2.3-2+squeeze1) stable-security; urgency=high
 .
   * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
     remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content.  This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of a
     trusted issuer.  (CVE-2011-1411)
Checksums-Sha1: 
 5d280f64571e04ecc93cbf4e060ff86ba30e2c30 2176 opensaml2_2.3-2+squeeze1build0.10.10.1.dsc
 b7b26146c6ae575568638b11e8cf338cab3eb22f 8990 opensaml2_2.3-2+squeeze1build0.10.10.1.diff.gz
Checksums-Sha256: 
 c8f05e4050e3daf6234d0339460cb07b4dde40c23c43b9f45666c46f8a1a2e52 2176 opensaml2_2.3-2+squeeze1build0.10.10.1.dsc
 afa7ccb6410385abd2501e5d288ffbdde8ed6a74963af3191c5bcd32c396c567 8990 opensaml2_2.3-2+squeeze1build0.10.10.1.diff.gz
Files: 
 e03b37b1ea793f2177bfad7f160724f9 2176 libs extra opensaml2_2.3-2+squeeze1build0.10.10.1.dsc
 a3d1035564ac66cee66934a153e9b4dd 8990 libs extra opensaml2_2.3-2+squeeze1build0.10.10.1.diff.gz


More information about the Maverick-changes mailing list