Accepted opensaml2 2.3-1~bpo50+2 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 27 Nov 2009 14:21:51 -0800
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source i386 all
Version: 2.3-1~bpo50+2
Distribution: lenny-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
libsaml2-dev - Security Assertion Markup Language library (development)
libsaml2-doc - Security Assertion Markup Language library (API docs)
libsaml6 - Security Assertion Markup Language library (runtime)
opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.3-1~bpo50+2) lenny-backports; urgency=high
 .
   * Backport to stable.
   * Urgency high for security fix.
   * Build against libxerces-c2-dev instead of libxerces-c-dev.
 .
 opensaml2 (2.3-1) unstable; urgency=high
 .
   * Urgency set to high for security fix.
   * New upstream release.
     - SECURITY: Partial fix for improper handling of URLs that could be
       abused for script injection and other cross-site scripting attacks.
       The complete fix also requires newer xmltooling and shibboleth-sp2
       packages. (CVE-2009-3300)
     - Fix crash on assertions with missing SubjectConfirmation.
     - Remove inline functions except for templates or RAII patterns.
     - Remove xml from the inclusive prefix list to avoid bugs in Apache
       Java xmlsec.
     - Honor digest algorithm in whole document signing with empty URI.
   * Rename library package for upstream SONAME bump.
   * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
     depend on libxmltooling-dev 1.3 or later for the fixes for URL
     sanitization.
   * Build-depend on libxml-security-c-dev 1.5 or later to ensure
     that all builds are consistent.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksQcO8ACgkQ+YXjQAr8dHauXwCgzw/EwSrv8B1P+6GF//lNFOdG
dHMAoNvsgVzxC8gFb7Y0VzYNndZ3WBm3
=9YCA
-----END PGP SIGNATURE-----
Accepted:
libsaml2-dev_2.3-1~bpo50+2_i386.deb
to pool/main/o/opensaml2/libsaml2-dev_2.3-1~bpo50+2_i386.deb
libsaml2-doc_2.3-1~bpo50+2_all.deb
to pool/main/o/opensaml2/libsaml2-doc_2.3-1~bpo50+2_all.deb
libsaml6_2.3-1~bpo50+2_i386.deb
to pool/main/o/opensaml2/libsaml6_2.3-1~bpo50+2_i386.deb
opensaml2-schemas_2.3-1~bpo50+2_all.deb
to pool/main/o/opensaml2/opensaml2-schemas_2.3-1~bpo50+2_all.deb
opensaml2-tools_2.3-1~bpo50+2_i386.deb
to pool/main/o/opensaml2/opensaml2-tools_2.3-1~bpo50+2_i386.deb
opensaml2_2.3-1~bpo50+2.diff.gz
to pool/main/o/opensaml2/opensaml2_2.3-1~bpo50+2.diff.gz
opensaml2_2.3-1~bpo50+2.dsc
to pool/main/o/opensaml2/opensaml2_2.3-1~bpo50+2.dsc
opensaml2_2.3.orig.tar.gz
to pool/main/o/opensaml2/opensaml2_2.3.orig.tar.gz