Bug#780383: libopensaml2-java: CVE-2015-1796

2015-06-29 Thread Moritz Muehlenhoff
On Sat, May 09, 2015 at 08:35:13AM -0700, tony mancill wrote: > On 05/06/2015 10:54 PM, tony mancill wrote: > > An update on this... I'm in the midst of packaging 2.6.5, but it in > > turn requires an update to libxmltooling-java to version 1.4.4, which I > > am working on now. > > In an email ex

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-05-09 Thread tony mancill
On 05/06/2015 10:54 PM, tony mancill wrote: > An update on this... I'm in the midst of packaging 2.6.5, but it in > turn requires an update to libxmltooling-java to version 1.4.4, which I > am working on now. In an email exchange with Scott Cantor, who works on this family of libraries upstream,

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-05-06 Thread tony mancill
An update on this... I'm in the midst of packaging 2.6.5, but it in turn requires an update to libxmltooling-java to version 1.4.4, which I am working on now. Cheers, tony

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-03-13 Thread Salvatore Bonaccorso
Hi Emmanuel, Thanks for the quick feedback. On Fri, Mar 13, 2015 at 10:42:41AM +0100, Emmanuel Bourg wrote: > Hi Salvatore, > > Thank you for the report. Looking at the commit r1680 mentioned on the > security tracker I fail to see how it addresses the vulnerability > described. I suspect this i

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-03-13 Thread Emmanuel Bourg
Hi Salvatore, Thank you for the report. Looking at the commit r1680 mentioned on the security tracker I fail to see how it addresses the vulnerability described. I suspect this is actually a vulnerability in a dependency shared by opensaml and idp (maybe xmltooling which contains the PKIXValidatio

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-03-13 Thread Salvatore Bonaccorso
Source: libopensaml2-java Version: 2.6.2-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerability was published for libopensaml2-java. Note that I don't know libopensaml2-java well enough, so could you assess if this affects Debian as well, and if the severity is