-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Russ Allbery uploaded new packages for opensaml2 which fixed the following
security problems:
CVE-2011-1411
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco
Kampmann and Joerg Schwenk discovered that OpenSAML is vulnerable to
an XML signature wrapping attack that could allow a remote,
unauthenticated attacker to craft messages that can be successfully
verified but contain arbitrary content. This may allow an attacker to
subvert the security of software using OpenSAML and supply an
unauthenticated login identity and data under the guise of a trusted
issuer.
For the lenny-backports distribution, this problem has been fixed in
2.3-2+squeeze1~bpo50+1.
We recommend that you upgrade your opensaml2 packages and then restart
shibd and Apache if you have Shibboleth installed as well.
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>
We recommend to pin (in /etc/apt/preferences) the backports repository to
200 so that new versions of installed backports will be installed
automatically.
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJOPMUqAAoJEH2AMVxXNt51F2gIAIUaGxgC4VFGAw4YxaO+RGYR
MznPoK3fG1EOqH4ACAdjdW3gGAXeLqKzksTyDJ5e91qOG7bMW/S6fW+ASdqfypB+
uqQyTudR+e6pznJfwptq5sCXM+z4pAm/K8/F/Qp7iWAO3qtXGi4XxxwbGQ8ghR/9
MhwRRWgL/UirCV/jbf2U+nwbyX0e+e5VQlOe4JlhT3y2SLx8W8pwP5Xy9laH9TsT
/0fECtO4GWlefIBkl0B0YB5sYeVDsi+EAu/8CJ54Ibc2/KMk7mmsfZ4fqQ+V+wuy
IjE0pcdc4p8b/r7TYdJ3vrdlf7iNTQmt4krfhuve5s10HwWSZ7JHYA5Ir20HUWg=
=nNGI
-----END PGP SIGNATURE-----