opensaml2_2.3-1~bpo50+2_i386.changes is NEW

To: Russ Allbery <rra@debian.org>
Subject: opensaml2_2.3-1~bpo50+2_i386.changes is NEW
From: Backports.org archive Installer <installer@backports.org>
Date: Sat, 28 Nov 2009 01:47:05 +0100 (CET)
Message-id: <[🔎] 20091128004705.62FC929297041@www.backports.org>

libsaml2-dev_2.3-1~bpo50+2_i386.deb
  to pool/main/o/opensaml2/libsaml2-dev_2.3-1~bpo50+2_i386.deb
libsaml2-doc_2.3-1~bpo50+2_all.deb
  to pool/main/o/opensaml2/libsaml2-doc_2.3-1~bpo50+2_all.deb
(new) libsaml6_2.3-1~bpo50+2_i386.deb extra libs
Security Assertion Markup Language library (runtime)
 OpenSAML is an open source implementation of the OASIS Security Assertion
 Markup Language Specification. It contains a set of open source C++ classes
 that support the SAML 1.0, 1.1, and 2.0 specifications.
 .
 This package contains the files necessary for running applications that
 use the OpenSAML library.
opensaml2-schemas_2.3-1~bpo50+2_all.deb
  to pool/main/o/opensaml2/opensaml2-schemas_2.3-1~bpo50+2_all.deb
opensaml2-tools_2.3-1~bpo50+2_i386.deb
  to pool/main/o/opensaml2/opensaml2-tools_2.3-1~bpo50+2_i386.deb
opensaml2_2.3-1~bpo50+2.diff.gz
  to pool/main/o/opensaml2/opensaml2_2.3-1~bpo50+2.diff.gz
opensaml2_2.3-1~bpo50+2.dsc
  to pool/main/o/opensaml2/opensaml2_2.3-1~bpo50+2.dsc
opensaml2_2.3.orig.tar.gz
  to pool/main/o/opensaml2/opensaml2_2.3.orig.tar.gz
Changes: opensaml2 (2.3-1~bpo50+2) lenny-backports; urgency=high
 .
  * Backport to stable.
  * Urgency high for security fix.
  * Build against libxerces-c2-dev instead of libxerces-c-dev.
 .
opensaml2 (2.3-1) unstable; urgency=high
 .
  * Urgency set to high for security fix.
  * New upstream release.
    - SECURITY: Partial fix for improper handling of URLs that could be
      abused for script injection and other cross-site scripting attacks.
      The complete fix also requires newer xmltooling and shibboleth-sp2
      packages.  (CVE-2009-3300)
    - Fix crash on assertions with missing SubjectConfirmation.
    - Remove inline functions except for templates or RAII patterns.
    - Remove xml from the inclusive prefix list to avoid bugs in Apache
      Java xmlsec.
    - Honor digest algorithm in whole document signing with empty URI.
  * Rename library package for upstream SONAME bump.
  * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
    depend on libxmltooling-dev 1.3 or later for the fixes for URL
    sanitization.
  * Build-depend on libxml-security-c-dev 1.5 or later to ensure
    that all builds are consistent.


Override entries for your package:
libsaml2-dev_2.3-1~bpo50+2_i386.deb - extra libdevel
libsaml2-doc_2.3-1~bpo50+2_all.deb - extra doc
opensaml2-schemas_2.3-1~bpo50+2_all.deb - extra text
opensaml2-tools_2.3-1~bpo50+2_i386.deb - extra text
opensaml2_2.3-1~bpo50+2.dsc - source libs

Announcing to backports-changes@lists.backports.org


Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.
ist in other distributions.

Reply to:

Prev by Date: bwa_0.5.5-1~bpo50+1_amd64.changes ACCEPTED
Next by Date: Accepted schleuder 2.1.0-1~bpo50+1 (source all)
Previous by thread: bwa_0.5.5-1~bpo50+1_amd64.changes ACCEPTED
Next by thread: Accepted schleuder 2.1.0-1~bpo50+1 (source all)
Index(es):
- Date
- Thread