[SECURITY] [DSA 5994-1] shibboleth-sp security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5994-1] shibboleth-sp security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 07 Sep 2025 14:18:03 +0000
Message-id: <[🔎] E1uvGDT-002yWl-0O@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5994-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 07, 2025                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : shibboleth-sp
Debian Bug     : 1114506

Florian Stuhlmann discovered a SQL vulnerability in the ODBC plugin in the
Shibboleth Service Provider which may result in information leak.

For additional information please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250903.txt

For the oldstable distribution (bookworm), this problem has been fixed
in version 3.4.1+dfsg-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 3.5.0+dfsg-2+deb13u1.

We recommend that you upgrade your shibboleth-sp packages.

For the detailed security status of shibboleth-sp please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/shibboleth-sp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmi9k41fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RJzA//e5S/OReN7hUNEnUekq7G1rsmBgMEEkCRo9+qnVSoU3fx9myebNqieKPn
CpPmP5bpFkpROsTaWzHFBPfURS8y8xz2G5Jlpd+M0WZCqruJjJv8FbhkgVKKmbkz
AsiABDNPp+Pougc/PV5uHcGn3bzRqCvp5fdtEF53vU8Od4WzE/nLjxdjsVSkFdFn
DpieuzR2rR9Q4tPLdL4XtPs3WXPwoAt5czkUdnHMQEOplbBE6ISsb4kDcven9cTE
autdHU/Nvc/xMcurDWpPGeyR8hE8NL3B5evK3VJXB/9IrT95CSQbcukYqP7IWYXm
mrAcW0nvUcqe3eCD6QM10tj8vh/TaN7vvSudFSwP1bBesXyD2KyeJHw6kQFWXLi3
mUdgh/Q3+InzNtVQ541g71QXMwwz3SL1aujqq+ck3WiI+BOfEvULFVgrmsopxhJP
Y6ZohFdCmNDOcbOUm4Nz+kWH2QCoxU/Qzzz43bZXIjpIKhvc4yG7A0FErCY8D1SA
D2UEmWk3a8jaF0ZLN3Ms0Bmfy1VqAkFOItn8cERhL9RMY3stO9RyDc2xWsWjT5mc
h1cDZbr3uBCYqHQ1g0h6QaKMrmK0zscN69lsvO36q/S0CBytBNLPTvGOhh/upkTP
vvy3df5yxZ2lk/dwCMPnTKJqrKy7BFBrUuHs7bDwnT254t6lczg=
=9+Hd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5993-1] chromium security update
Next by Date: [SECURITY] [DSA 5995-1] hsqldb1.8.0 security update
Previous by thread: [SECURITY] [DSA 5993-1] chromium security update
Next by thread: [SECURITY] [DSA 5995-1] hsqldb1.8.0 security update
Index(es):
- Date
- Thread