[SECURITY] [DLA 4093-1] opensaml security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4093-1] opensaml security update
From: Andreas Henriksson <andreas@fatal.se>
Date: Thu, 27 Mar 2025 14:16:59 +0100
Message-id: <[🔎] x656wj5kbuvwdykn7l6svhjjw5mqgtkoh6dgbczop6x34nrrvq@uy2obfggdnuo>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4093-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Andreas Henriksson
March 27, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : opensaml
Version        : 3.2.0-2+deb11u1
CVE ID         : TEMP-1100464-F28DDC
Debian Bug     : 1100464

Alexander Tan discovered that the OpenSAML C++ library was susceptible
to forging of signed SAML messages. For additional details please refer
to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250313.txt

For Debian 11 bullseye, this problem has been fixed in version
3.2.0-2+deb11u1.

We recommend that you upgrade your opensaml packages.

For the detailed security status of opensaml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensaml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 4092-1] libcap2 security update
Next by Date: [SECURITY] [DLA 4094-1] mercurial security update
Previous by thread: [SECURITY] [DLA 4092-1] libcap2 security update
Next by thread: [SECURITY] [DLA 4094-1] mercurial security update
Index(es):
- Date
- Thread