xmltooling 1.0-2+lenny1 source package in Debian

Changelog

xmltooling (1.0-2+lenny1) stable-security; urgency=high


  * SECURITY: Certificate subject names were incorrectly matched against
    trusted "key names" when they contained nul characters.  This affects
    only Shibboleth deployments relying on the "PKIX" style of trust
    validation, used in the absence of explicit certificate information in
    the SAML metadata provided to the SP and reliance on certificate
    authorities found in the <KeyAuthority> metadata extension element.
    See <http://shibboleth.internet2.edu/secadv/secadv_20090817.txt>
  * SECURITY: Correctly handle decoding of malformed URLs, closing a
    possibly exploitable buffer overflow.
    See <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
  * SECURITY: Correctly honor the "use" attribute of <KeyDescriptor> SAML
    metadata to honor restrictions to signing or encryption.  This is a
    partial fix; the complete fix also requires a new version of the
    OpenSAML library.
    See <http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt>

 -- Russ Allbery <email address hidden>  Tue, 22 Sep 2009 19:23:54 -0700

Upload details

Uploaded by: Debian Shib Team
Uploaded to: Lenny
Original maintainer: Debian Shib Team
Architectures: any
Section: libs
Urgency: Very Urgent

Publishing

Series Pocket Published Component Section
Lenny release main libs

Downloads

File Size SHA-256 Checksum
xmltooling_1.0-2+lenny1.dsc 1.4 KiB 079d5f520df7669334f86cf6da0b3e6908627289a37c97657caa89f7b68a31b7
xmltooling_1.0.orig.tar.gz 536.9 KiB 736f4fb0aa1ecce583700e712719075532483b5110748adeed8daf3466b8b9ff
xmltooling_1.0-2+lenny1.diff.gz 8.7 KiB d8edd0fcedba59d2e3faa360030649ab6d74577ce1a187488da1f6a944f19404

No changes file available.