Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified

To: Xavier Guimard <x.guimard@free.fr>
Cc: security@debian.org, debian-perl@lists.debian.org
Subject: Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 20 Dec 2012 10:25:07 +0100
Message-id: <[🔎] 20121220092507.GA14262@inutil.org>
In-reply-to: <[🔎] 50D23254.8050903@free.fr>
References: <[🔎] 50D23254.8050903@free.fr>

On Wed, Dec 19, 2012 at 10:32:04PM +0100, Xavier Guimard wrote:
> Hi all,
> 
> I've prepared the attached-patch for the #696329 security bug. It is
> ready to be stored in lemonldap-ng testing package. Stable version is
> not vulnerable since SAML exists only in versions >=1.0
> 
> Can you say to me if it's good ?

The fixes for testing are handled and reviewed by the release managers.

Please prepare an updated package for testing-proposed-updates
(version number 1.1.2-5+deb70u1) and file an unblock request against
release.debian.org

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
  - From: gregor herrmann <gregoa@debian.org>

References:
- lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
  - From: Xavier Guimard <x.guimard@free.fr>

Prev by Date: Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
Next by Date: Re: Permission to take my remaining *-perl packages
Previous by thread: Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
Next by thread: Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
Index(es):
- Date
- Thread