Accepted opensaml2 2.3-1 (source i386 all)

To: debian-devel-changes@lists.debian.org
Subject: Accepted opensaml2 2.3-1 (source i386 all)
From: Russ Allbery <rra@debian.org>
Date: Wed, 18 Nov 2009 03:48:24 +0000
Message-id: <[🔎] E1NAbWq-0003lJ-CZ@ries.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 06 Nov 2009 15:09:04 -0800
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source i386 all
Version: 2.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description: 
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes: 
 opensaml2 (2.3-1) unstable; urgency=high
 .
   * Urgency set to high for security fix.
   * New upstream release.
     - SECURITY: Partial fix for improper handling of URLs that could be
       abused for script injection and other cross-site scripting attacks.
       The complete fix also requires newer xmltooling and shibboleth-sp2
       packages.  (CVE-2009-3300)
     - Fix crash on assertions with missing SubjectConfirmation.
     - Remove inline functions except for templates or RAII patterns.
     - Remove xml from the inclusive prefix list to avoid bugs in Apache
       Java xmlsec.
     - Honor digest algorithm in whole document signing with empty URI.
   * Rename library package for upstream SONAME bump.
   * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
     depend on libxmltooling-dev 1.3 or later for the fixes for URL
     sanitization.
   * Build-depend on libxml-security-c-dev 1.5 or later to ensure
     that all builds are consistent.
Checksums-Sha1: 
 683fc5326924613b0740ba69f78f02eb05b06eb0 1444 opensaml2_2.3-1.dsc
 d5b29a25a26a85957379279280b0f530146ec185 926057 opensaml2_2.3.orig.tar.gz
 a6d5128cf0d8e6fa9e32736af794059d682887e0 7369 opensaml2_2.3-1.diff.gz
 920c448d41521412a700feb22f090c295375c409 1204852 libsaml6_2.3-1_i386.deb
 aed66cdfbaafcc044a578cedc30fe7fc5ff70b20 47456 libsaml2-dev_2.3-1_i386.deb
 1a7500721bf927ee9e67e3f8fabd60cfeed93594 25092 opensaml2-tools_2.3-1_i386.deb
 9df5bdd48f7262d93abf688d6e0aa495a11bdf44 27822 opensaml2-schemas_2.3-1_all.deb
 df24ea17dcbb2f802e136e7af24dc17a79d052c7 421974 libsaml2-doc_2.3-1_all.deb
Checksums-Sha256: 
 4109a98feb891f28db8fd3fe70d94f30e865b27c6bd73d76fbc908407b4561c7 1444 opensaml2_2.3-1.dsc
 027b3b9a6f5c147dd434d52e674ca238672412595dfa18675a70bafc5495e2fd 926057 opensaml2_2.3.orig.tar.gz
 3566007f689f9bf6aea2897166fc92998715197b9e7a61d55a40a4d04deff89c 7369 opensaml2_2.3-1.diff.gz
 d47d2d53f3949405b497cb4bc392ef10fcab1f413e1680571ad3018f1f576175 1204852 libsaml6_2.3-1_i386.deb
 079999da97ccbdcc230f8e31277df61cdb62f9299848f00aadeb456c7704540b 47456 libsaml2-dev_2.3-1_i386.deb
 df189368250b95cb85c8af8fda122cd69ec27f4e7471ba880764118a9dcc23f7 25092 opensaml2-tools_2.3-1_i386.deb
 1ef7c76b70fbd57068ad6bd63e4e49db1db79636f44e440147f6776c1457f7bd 27822 opensaml2-schemas_2.3-1_all.deb
 fe6347a873320640608592005e746ec026a030bb19a4843f8c964fc3e929af4f 421974 libsaml2-doc_2.3-1_all.deb
Files: 
 6001f08d173376d0601ef58031ffe068 1444 libs extra opensaml2_2.3-1.dsc
 9695d40cb28519c2cde8211cd1c3dc69 926057 libs extra opensaml2_2.3.orig.tar.gz
 3247ba2b6dfdeafe970828855afa4a75 7369 libs extra opensaml2_2.3-1.diff.gz
 4c762995e7c332852592b34768125f40 1204852 libs extra libsaml6_2.3-1_i386.deb
 44746d3bd0872916b557092f8e319417 47456 libdevel extra libsaml2-dev_2.3-1_i386.deb
 d4070c52ee88372def335281c46f260a 25092 text extra opensaml2-tools_2.3-1_i386.deb
 4b1051249d950993a8cdf024487e5e35 27822 text extra opensaml2-schemas_2.3-1_all.deb
 791bad621a17f7e663e3dc836bf189d4 421974 doc extra libsaml2-doc_2.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkr5swcACgkQ+YXjQAr8dHbVggCeNQvx2fTwladWELVFCbabfGyk
e70AoJJfmQ7xTL94HQOGzWI2r3BKsD+9
=LCS8
-----END PGP SIGNATURE-----


Accepted:
libsaml2-dev_2.3-1_i386.deb
  to main/o/opensaml2/libsaml2-dev_2.3-1_i386.deb
libsaml2-doc_2.3-1_all.deb
  to main/o/opensaml2/libsaml2-doc_2.3-1_all.deb
libsaml6_2.3-1_i386.deb
  to main/o/opensaml2/libsaml6_2.3-1_i386.deb
opensaml2-schemas_2.3-1_all.deb
  to main/o/opensaml2/opensaml2-schemas_2.3-1_all.deb
opensaml2-tools_2.3-1_i386.deb
  to main/o/opensaml2/opensaml2-tools_2.3-1_i386.deb
opensaml2_2.3-1.diff.gz
  to main/o/opensaml2/opensaml2_2.3-1.diff.gz
opensaml2_2.3-1.dsc
  to main/o/opensaml2/opensaml2_2.3-1.dsc
opensaml2_2.3.orig.tar.gz
  to main/o/opensaml2/opensaml2_2.3.orig.tar.gz

Reply to:

Prev by Date: Accepted lua-orbit 2.1.0+dfsg-1 (source all)
Next by Date: Accepted cgsi-gsoap 1.3.3.2-1 (source amd64)
Previous by thread: Accepted lua-orbit 2.1.0+dfsg-1 (source all)
Next by thread: Accepted cgsi-gsoap 1.3.3.2-1 (source amd64)
Index(es):
- Date
- Thread