Comment 6 for bug 1919419

This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1-1ubuntu0.1

---------------
shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Fix a phishing vulnerability: Template generation
    allows external parameters to override placeholders (LP: #1919419)
    - debian/patches/SSPCPP-922-Add-externalParameters-option-to-Errors-
      element.patch: Add externalParameters option to Errors element
    - https://shibboleth.net/community/advisories/secadv_20210317.txt
    - https://issues.shibboleth.net/jira/browse/SSPCPP-922
    - CVE-2021-28963

 -- Etienne Dysli Metref <email address hidden> Thu, 18 Mar 2021 12:22:53 +0100