
Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified



On Wed, 2012-12-19 at 22:32 +0100, Xavier Guimard wrote:
> Hi all,
> 
> I've prepared the attached patch for the #696329 security bug. It is
> ready to be stored in the lemonldap-ng testing package. The stable version is
> not vulnerable since SAML exists only in versions >=1.0.
> 
> Can you tell me if it's good?

At first sight it looks good (well, it's the upstream patch anyway,
isn't it?). But since it needs to go to t-p-u you need to get
approval from the release team, not the security team (there's no
testing-security).

Regards,
-- 
Yves-Alexis
