Accepted opensaml2 2.3-1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 06 Nov 2009 15:09:04 -0800
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source i386 all
Version: 2.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
libsaml2-dev - Security Assertion Markup Language library (development)
libsaml2-doc - Security Assertion Markup Language library (API docs)
libsaml6 - Security Assertion Markup Language library (runtime)
opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.3-1) unstable; urgency=high
 .
   * Urgency set to high for security fix.
   * New upstream release.
     - SECURITY: Partial fix for improper handling of URLs that could be
       abused for script injection and other cross-site scripting attacks.
       The complete fix also requires newer xmltooling and shibboleth-sp2
       packages. (CVE-2009-3300)
     - Fix crash on assertions with missing SubjectConfirmation.
     - Remove inline functions except for templates or RAII patterns.
     - Remove xml from the inclusive prefix list to avoid bugs in Apache
       Java xmlsec.
     - Honor digest algorithm in whole document signing with empty URI.
   * Rename library package for upstream SONAME bump.
   * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
     depend on libxmltooling-dev 1.3 or later for the fixes for URL
     sanitization.
   * Build-depend on libxml-security-c-dev 1.5 or later to ensure
     that all builds are consistent.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr5swcACgkQ+YXjQAr8dHbVggCeNQvx2fTwladWELVFCbabfGyk
e70AoJJfmQ7xTL94HQOGzWI2r3BKsD+9
=LCS8
-----END PGP SIGNATURE-----
Accepted:
libsaml2-dev_2.3-1_i386.deb
to main/o/opensaml2/libsaml2-dev_2.3-1_i386.deb
libsaml2-doc_2.3-1_all.deb
to main/o/opensaml2/libsaml2-doc_2.3-1_all.deb
libsaml6_2.3-1_i386.deb
to main/o/opensaml2/libsaml6_2.3-1_i386.deb
opensaml2-schemas_2.3-1_all.deb
to main/o/opensaml2/opensaml2-schemas_2.3-1_all.deb
opensaml2-tools_2.3-1_i386.deb
to main/o/opensaml2/opensaml2-tools_2.3-1_i386.deb
opensaml2_2.3-1.diff.gz
to main/o/opensaml2/opensaml2_2.3-1.diff.gz
opensaml2_2.3-1.dsc
to main/o/opensaml2/opensaml2_2.3-1.dsc
opensaml2_2.3.orig.tar.gz
to main/o/opensaml2/opensaml2_2.3.orig.tar.gz