Comment 4 for bug 817199

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opensaml2 - 2.3-1ubuntu0.1

---------------
opensaml2 (2.3-1ubuntu0.1) lucid-security; urgency=high

  * SECURITY UPDATE: Fix vulnerability to a "wrapping attack" that could
    allow a remote, unauthenticated attacker to craft messages that can be
    successfully verified but contain arbitrary content. This may allow
    an attacker to subvert the security of software using OpenSAML and
    supply an unauthenticated login identity and data under the guise of a
    trusted issuer. (LP: #817199)
    - Patch obtained from Debian (2.3-2+squeeze1)
    - CVE-2011-1411
 -- Joshua Daniel Franklin <email address hidden> Thu, 28 Jul 2011 14:50:45 -0700