Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-07 Thread Ferenc Wagner
Faidon Liambotis parav...@debian.org writes: Russ Allbery wrote: Unfortunately, I'm both sick at the moment and my main computer is dead with hardware failure, so I can't easily pursue it at the moment. If someone else could, that would be great. I had proposed the needed changes for

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-07 Thread Faidon Liambotis
Ferenc Wagner wrote: Unfortunately Russ is the only DD in the team. While I can help with building packages for example, I'm not familiar with the security procedure and can't upload either. OK, I'll handle this then, no problem. Thanks, Faidon

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-07 Thread Russ Allbery
Faidon Liambotis parav...@debian.org writes: Ferenc Wagner wrote: Unfortunately Russ is the only DD in the team. While I can help with building packages for example, I'm not familiar with the security procedure and can't upload either. OK, I'll handle this then, no problem. Thank you so

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-06 Thread Faidon Liambotis
Package: libxmltooling1 Version: 1.0-2+lenny1 Severity: grave Hi, (elevated severity because of unrelated breakage in a security update) libxmltooling 1.0-2+lenny1 security upgrade breaks Shibboleth SPs for IdPs which have use=signing in their IDPSSODescriptor's KeyDescriptor. I've verified

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-06 Thread Scott Cantor
Faidon Liambotis wrote on 2009-10-06: I think the problem is in the following change: * SECURITY: Correctly honor the use attribute of KeyDescriptor SAML metadata to honor restrictions to signing or encryption. This is a partial fix; the complete fix also requires a new version

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-06 Thread Russ Allbery
- Scott Cantor canto...@osu.edu wrote: I can confirm that this would break in the manner described if you patch xmltooling but NOT opensaml with the related fix. It sounds like the opensaml patch and the SP rebuild didn't make it in yet. My apologies if this wasn't clear to the

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-06 Thread Faidon Liambotis
Russ Allbery wrote: Unfortunately, I'm both sick at the moment and my main computer is dead with hardware failure, so I can't easily pursue it at the moment. If someone else could, that would be great. I had proposed the needed changes for opensaml2 for the next stable update, but didn't get

Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use=signing are broken

2009-10-06 Thread Scott Cantor
Russ Allbery wrote on 2009-10-06: Ack, I'm sorry. I didn't realize that, so yes, that will indeed be a problem. Sorry, I didn't understand that the fixes were being published separately, since I was reviewing them simultaneously. As it stands, I see now that the advisory I wrote should make