Ubuntu
opensaml package

Shibboleth Security Advisory [25 July 2011]

Bug #832695 reported by Simon Lundström on 2011-08-24

This bug report is a duplicate of: Bug #817199: opensaml2 security advisory (CVE-2011-1411). Edit Remove

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	opensaml (Ubuntu)	Confirmed	Medium	Unassigned

Bug Description

AFAIK this package is also affected by bug #816315 since Scott Cantor writes in the mail (http://marc.info/?l=shibboleth-announce&m=131160684316485&w=2): "All versions of the OpenSAML library prior to V2.4.3 contain this vulnerability."

This would include the opensaml version in hardy too.

Tags:

CVE References

2011-1411

Simon Lundström (simmel) on 2011-08-24

visibility:

private → public

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2011-08-24:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in opensaml (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #817199 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopensaml package