Faidon Liambotis writes:
> Ferenc Wagner wrote:
>> Unfortunately Russ is the only DD in the team. While I can help with
>> building packages for example, I'm not familiar with the security
>> procedure and can't upload either.
> OK, I'll handle this then, no problem.
Thank you so much for taki
Ferenc Wagner wrote:
> Unfortunately Russ is the only DD in the team. While I can help with
> building packages for example, I'm not familiar with the security
> procedure and can't upload either.
OK, I'll handle this then, no problem.
Thanks,
Faidon
--
To UNSUBSCRIBE, email to debian-bugs-di
Faidon Liambotis writes:
> Russ Allbery wrote:
>
>> Unfortunately, I'm both sick at the moment and my main computer is
>> dead with hardware failure, so I can't easily pursue it at the moment.
>> If someone else could, that would be great. I had proposed the needed
>> changes for opensaml2 for t
Russ Allbery wrote on 2009-10-06:
> Ack, I'm sorry. I didn't realize that, so yes, that will indeed be a
> problem.
Sorry, I didn't understand that the fixes were being published separately,
since I was reviewing them simultaneously.
As it stands, I see now that the advisory I wrote should mak
Russ Allbery wrote:
> Unfortunately, I'm both sick at the moment and my main computer is
> dead with hardware failure, so I can't easily pursue it at the moment.
> If someone else could, that would be great. I had proposed the needed
> changes for opensaml2 for the next stable update, but didn't g
- "Scott Cantor" wrote:
> I can confirm that this would break in the manner described if you
> patch
> xmltooling but NOT opensaml with the related fix.
>
> It sounds like the opensaml patch and the SP rebuild didn't make it in
> yet.
> My apologies if this wasn't clear to the packagers or i
Faidon Liambotis wrote on 2009-10-06:
> I think the problem is in the following change:
>* SECURITY: Correctly honor the "use" attribute of SAML
> metadata to honor restrictions to signing or encryption. This is a
> partial fix; the complete fix also requires a new version of the
>
Package: libxmltooling1
Version: 1.0-2+lenny1
Severity: grave
Hi,
(elevated severity because of unrelated breakage in a security update)
libxmltooling 1.0-2+lenny1 security upgrade breaks Shibboleth SPs for IdPs
which have use="signing" in their IDPSSODescriptor's KeyDescriptor.
I've verified t
8 matches
Mail list logo
