[SECURITY] [DSA 5879-1] opensaml security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5879-1] opensaml security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 16 Mar 2025 19:02:23 +0000
Message-id: <[🔎] Z9cgP4OVO65iRD92@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5879-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 16, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : opensaml
CVE ID         : not yet available

Alexander Tan discovered that the OpenSAML C++ library was susceptible
to forging of signed SAML messages. For additional details please refer
to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250313.txt

For the stable distribution (bookworm), this problem has been fixed in
version 3.2.1-3+deb12u1.

We recommend that you upgrade your opensaml packages.

For the detailed security status of opensaml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensaml

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmfXICAACgkQEMKTtsN8
TjZmyg/9H263wYNCU3wtNVSqbeZzirWnsLWj2EE9RBFIlN0eCanhF7P9seZ37dy5
VXPc/rLNY+WQWnuypz8Rz7c24znrmygRS7b0FXRN5mTGS5jd6fH+StzcMvSYVTps
JZYHvqjd0Fz6IQUjoch+kVPLwDtIH7qMQ1ClKbXRUhXtnn2W72hvrvczmWsHP0e3
zVih4LA22/XOsNsbpEFWNQx9VBbANRl/fMpOsvcpvPW8DaQZ7rzcYCCCXzODv9Rd
S7aGCh8hoj3ZZ0vEuYXmdO+0HS270AgH+n57NFd5anrHdMwRFYow/zTFKjhEveqz
kd8xEbF5W2sN8wSYo9lKCqxh2T2waLTbQXsLkD0iMnhaC+pvWwkvcUDcCygIj3S9
t5A+ezSRM1jIwSmU9unU3FoUF/5h4UaoQw171GsQj939Z3YLei83DSMuOsG3gQ0S
uc0P4Rs4mUAE6ZQtJxz3DR4u07Pn7fatUVBJTmgUxioR2/Wxy9OWXVb3mW5AZEzy
GsE4/1CbwQU84GZhweJ2fer6Ack9/bmVBL0VBcDG7JDMb3ZPj7FIwsoRCz82s1AT
TitGr50EyOMQjGikwiAvDEDZjer2wa/clkgOU5og10e7PfYgQliTE7/AXlI5Kpn0
UxFEQDOTjFMiZKKv6j0VAz+ScVXpj44R/lxLByKVCq/SCZaIygc=
=psIo
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5878-1] php8.2 security update
Next by Date: [SECURITY] [DSA 5880-1] freetype security update
Previous by thread: [SECURITY] [DSA 5878-1] php8.2 security update
Next by thread: [SECURITY] [DSA 5880-1] freetype security update
Index(es):
- Date
- Thread