Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
On Wed, Dec 19, 2012 at 10:32:04PM +0100, Xavier Guimard wrote:
> Hi all,
>
> I've prepared the attached-patch for the #696329 security bug. It is
> ready to be stored in lemonldap-ng testing package. Stable version is
> not vulnerable since SAML exists only in versions >=1.0
>
> Can you say to me if it's good ?
The fixes for testing are handled and reviewed by the release managers.
Please prepare an updated package for testing-proposed-updates
(version number 1.1.2-5+deb70u1) and file an unblock request against
release.debian.org
Cheers,
Moritz
Reply to: