[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4093-1] opensaml security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4093-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Andreas Henriksson
March 27, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : opensaml
Version        : 3.2.0-2+deb11u1
CVE ID         : TEMP-1100464-F28DDC
Debian Bug     : 1100464

Alexander Tan discovered that the OpenSAML C++ library was susceptible
to forging of signed SAML messages. For additional details please refer
to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250313.txt

For Debian 11 bullseye, this problem has been fixed in version
3.2.0-2+deb11u1.

We recommend that you upgrade your opensaml packages.

For the detailed security status of opensaml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensaml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: