Thanks a lot for this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610286
Title:
[MIR] libapache2-mod-auth-mellon, liblasso3
To manage notifications about this bug go to:
Override component to main
lasso 2.5.1-0ubuntu1 in bionic: universe/libs -> main
liblasso-perl 2.5.1-0ubuntu1 in bionic amd64: universe/libs/optional/100% ->
main
liblasso-perl 2.5.1-0ubuntu1 in bionic arm64: universe/libs/optional/100% ->
main
liblasso-perl 2.5.1-0ubuntu1 in bionic armhf:
Override component to main
libapache2-mod-auth-mellon 0.13.1-1build2 in bionic: universe/misc -> main
libapache2-mod-auth-mellon 0.13.1-1build2 in bionic amd64:
universe/web/extra/100% -> main
libapache2-mod-auth-mellon 0.13.1-1build2 in bionic arm64:
universe/web/extra/100% -> main
Thanks very much for the reviews. I've uploaded lasso 2.5.1-0ubuntu1
which includes the liblasso3.symbols file. I've also submitted patches
for test enablement and addition of symbols file back to Debian.
** Changed in: lasso (Ubuntu)
Status: Incomplete => New
--
You received this bug
libapache2-mod-auth-mellon itself looks ok
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610286
Title:
[MIR] libapache2-mod-auth-mellon, liblasso3
To manage notifications about this bug go to:
lasso:
- please add a symbols file for the shared library
- please update to the 2.5.1 release. From the ChangeLog it looks like a
bug-fix-only release.
2.5.1 - February 19th 2016
---
17 commits, 16 files changed, 1096 insertions, 42 deletions
- Add missing urn
I've seeded libapache2-mod-auth-mellon for Ubuntu:
https://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-
seeds/platform.bionic/revision/2166
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610286
I tested mod-auth-mellon/lasso on xenial with testshib
(http://www.testshib.org/) and ADFS (that comes with w2k12r2) on the idP
side, including sha256 support https://dev.entrouvert.org/issues/10019 -
I could successfully perform authentication and get to a protected page.
Both Service Provider
** Changed in: lasso (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610286
Title:
[MIR] libapache2-mod-auth-mellon, liblasso3
To manage notifications
Tests have been enabled during build in lasso 2.5.0-5ubuntu1.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610286
Title:
[MIR] libapache2-mod-auth-mellon, liblasso3
To manage notifications about
Lasso needs some testsuite enablement; libapache2-mod-auth-mellon +1'ed
for main promotion.
** Changed in: lasso (Ubuntu)
Importance: Undecided => Medium
** Changed in: libapache2-mod-auth-mellon (Ubuntu)
Importance: Undecided => Medium
** Changed in: libapache2-mod-auth-mellon (Ubuntu)
I reviewed lasso 2.5.0-5build1 as checked into ubuntu zesty. This should
not be considered a full security audit but rather a quick gauge of
maintainability.
lasso has two CVEs in our databases, CVE-2009-0050 and CVE-2015-1783. The
first was an OpenSSL API misuse which was common to many other
I reviewed libapache2-mod-auth-mellon version 0.12.0-1 as checked into
zesty. This should not be considered a full security audit but rather a
quick gauge of maintainability.
- Four previous CVEs were reported against this module. While this is
unfortunate I don't think it's unduly distressing.
libapache2-mod-auth-mellon has no security history? The last changelog entry
has this:
- Fixes Denial of Service issues [CVE-2016-2145, CVE-2016-2146].
Looks like both of these are security sensitive, will pass to security
team.
** CVE added: http://www.cve.mitre.org/cgi-
14 matches
Mail list logo
