This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1-1ubuntu0.1
---
shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high
* SECURITY UPDATE: Fix a phishing vulnerability: Template generation
allows external parameters to override placeholders (LP:
** Changed in: shibboleth-sp (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919419
Title:
Phishing vulnerability: Template generation allows external
I have pushed the focal update to the security-proposed ppa at
https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages ; any testing that anyone could
give once it is done building would be appreciated.
Thanks!
--
You received this bug notification because you are a
Hey Etienne,
Thanks for submitting the debdiff. I'm taking a look in more detail, but
on first glance it looks good to me. If all goes well, I'll push it up
to our security-proposed in a bit.
** Changed in: shibboleth-sp (Ubuntu)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You
Is there something missing from the proposed patch?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919419
Title:
Phishing vulnerability: Template generation allows external parameters
to override
Assigned CVE: 2021-28963
https://security-tracker.debian.org/tracker/CVE-2021-28963
For some reason, the "link to CVE" on the right rejects "2021-28963"...
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28963
--
You received this bug notification because you are a member of
** Changed in: shibboleth-sp (Debian)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919419
Title:
Phishing vulnerability: Template generation allows
** Changed in: shibboleth-sp (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919419
Title:
Phishing vulnerability: Template generation allows external