[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-04-22 Thread Launchpad Bug Tracker
This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1-1ubuntu0.1 --- shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high * SECURITY UPDATE: Fix a phishing vulnerability: Template generation allows external parameters to override placeholders (LP:

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-04-20 Thread Steve Beattie
** Changed in: shibboleth-sp (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1919419 Title: Phishing vulnerability: Template generation allows external

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-03-31 Thread Steve Beattie
I have pushed the focal update to the security-proposed ppa at https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages ; any testing that anyone could give once it is done building would be appreciated. Thanks! -- You received this bug notification because you are a

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-03-30 Thread Steve Beattie
Hey Etienne, Thanks for submitting the debdiff. I'm taking a look in more detail, but on first glance it looks good to me. If all goes well, I'll push it up to our security-proposed in a bit. ** Changed in: shibboleth-sp (Ubuntu) Assignee: (unassigned) => Steve Beattie (sbeattie) -- You

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-03-29 Thread Etienne Dysli Metref
Is there something missing from the proposed patch? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1919419 Title: Phishing vulnerability: Template generation allows external parameters to override

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-03-22 Thread Etienne Dysli Metref
Assigned CVE: 2021-28963 https://security-tracker.debian.org/tracker/CVE-2021-28963 For some reason, the "link to CVE" on the right rejects "2021-28963"... ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28963 -- You received this bug notification because you are a member of

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-03-20 Thread Bug Watch Updater
** Changed in: shibboleth-sp (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1919419 Title: Phishing vulnerability: Template generation allows

[Bug 1919419] Re: Phishing vulnerability: Template generation allows external parameters to override placeholders

2021-03-18 Thread Mathew Hodson
** Changed in: shibboleth-sp (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1919419 Title: Phishing vulnerability: Template generation allows external