Fwd: Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified

To: debian-release@lists.debian.org
Cc: Gregor Herrmann <gregoa@debian.org>
Subject: Fwd: Re: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
From: Xavier <x.guimard@free.fr>
Date: Fri, 21 Dec 2012 06:09:02 +0100
Message-id: <[🔎] 50D3EEEE.9050900@free.fr>
In-reply-to: <20121220092507.GA14262@inutil.org>
References: <20121220092507.GA14262@inutil.org>

-------- Original messages --------
On Thu, Dec 20, 2012 at 10:25:07 +0100, Moritz Muehlenhoff wrote:
>
> On Wed, Dec 19, 2012 at 10:32:04PM +0100, Xavier Guimard wrote:
> > Hi all,
> > 
> > I've prepared the attached-patch for the #696329 security bug. It is
> > ready to be stored in lemonldap-ng testing package. Stable version is
> > not vulnerable since SAML exists only in versions >=1.0
> > 
> > Can you say to me if it's good ?
>
> The fixes for testing are handled and reviewed by the release managers.
>
> Please prepare an updated package for testing-proposed-updates
> (version number 1.1.2-5+deb70u1) and file an unblock request against
release.debian.org
>
> Cheers,
>         Moritz
 ---
On Thu, Dec 20, 2012 at 13:55:05 +0800, Paul Wise wrote:
> On Thu, Dec 20, 2012 at 1:35 PM, Xavier wrote:
>
> > I've to push a fix for security in testing-proposed-updates. Can I join
> > a po file also (pt-BR translation) ?
> According to the current freeze policy that is acceptable:
>
> http://release.debian.org/testing/freeze_policy.html
>

Hi all,

We'd like to have an unblock to push lemonldap-ng_1.1.2-5+deb70u1
This release will contain :
* the security fix to close #696329
* the pt_BR.po file to close #693366

Best regards,
Xavier

Reply to:

Prev by Date: Re: unblock(-udeb)s for d-i wheezy rc1, round 1
Next by Date: Bug#694614: tpu: cairo-dock/3.0.0-3 (pre-approval)
Previous by thread: Bug#696460: tag #599523 wheezy-ignore
Next by thread: Bug#696469: unblock: dcmtk/3.6.0-12
Index(es):
- Date
- Thread