Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified



On Thu, Dec 20, 2012 at 05:25:11PM +0100, gregor herrmann wrote:
> On Thu, 20 Dec 2012 10:25:07 +0100, Moritz Muehlenhoff wrote:
> 
> > > I've prepared the attached patch for the #696329 security bug. It is
> > > ready to be stored in lemonldap-ng testing package. Stable version is
> > > not vulnerable since SAML exists only in versions >=1.0
> > > Can you say to me if it's good?
> > The fixes for testing are handled and reviewed by the release managers.
> > 
> > Please prepare an updated package for testing-proposed-updates
> > (version number 1.1.2-5+deb70u1) and file an unblock request against
> > release.debian.org
> 
> [Or 1.1.2-5+deb7u1 without the '0'? I haven't really memorized this
> new scheme.]

AFAIK w/o the 0, yes.
 
Cheers,
        Moritz

