Re: Shibboleth SP Security Advisory

To: Enrique Pérez Arnaud <eperez@emergya.com>
Cc: debian-lts@lists.debian.org
Subject: Re: Shibboleth SP Security Advisory
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Tue, 13 Jun 2023 22:05:43 -0300
Message-id: <ZIkSZx+/+ugasCiV@novelo>
In-reply-to: <[🔎] k5ukqgtbcrbopawxp4aav6cc3c5zi5pmqujxw7e4ufxztqxwvl@vmrwnch46hks>
References: <[🔎] k5ukqgtbcrbopawxp4aav6cc3c5zi5pmqujxw7e4ufxztqxwvl@vmrwnch46hks>

Hi,

El 13/06/23 a las 08:59, Enrique Pérez Arnaud escribió:
> Hi,
> 
> The people from Shibboleth released yesterday 12th of June a security
> advisory and update [1].
> 
> Does anyone here know whether there will be a security update for Debian
> LTS (buster) regarding this?
> 
> Thanks!
> 
> 
> 1.- https://shibboleth.net/community/advisories/secadv_20230612.txt

Thanks for your message, Enrique.

For the moment, there isn't a CVE assigned for that issue. You can track
the security status of xmltooling here, including buster:
https://security-tracker.debian.org/tracker/source-package/xmltooling

Following the triage made by the Debian security team, I'd say this
issue should be addressed in buster too.

Regards,

 -- Santiago

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Shibboleth SP Security Advisory
  - From: Enrique Pérez Arnaud <eperez@emergya.com>

Prev by Date: golang-go.crypto security update: Built-Using refers to non-existing source package
Next by Date: xmltooling update for buster
Previous by thread: Shibboleth SP Security Advisory
Next by thread: golang-go.crypto security update: Built-Using refers to non-existing source package
Index(es):
- Date
- Thread