This bug was fixed in the package shibboleth-sp2 - 2.6.0+dfsg1-4+deb9u1build0.17.10.1
--------------- shibboleth-sp2 (2.6.0+dfsg1-4+deb9u1build0.17.10.1) artful-security; urgency=medium * fake sync from Debian (LP: #1732606) shibboleth-sp2 (2.6.0+dfsg1-4+deb9u1) stretch-security; urgency=high * [bf25c5f] New patch: Security fix from V2.6.1 (SSPCPP-763) Thanks to Scott Cantor -- Steve Beattie <sbeat...@ubuntu.com> Wed, 22 Nov 2017 17:35:11 -0800 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732606 Title: CVE-2017-16852 Shibboleth Service Provider Security Advisory [15 November 2017] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml2/+bug/1732606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs