This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1-1ubuntu0.1
--------------- shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high
* SECURITY UPDATE: Fix a phishing vulnerability: Template generation allows external parameters to override placeholders (LP: #1919419) - debian/patches/SSPCPP-922-Add-externalParameters-option-to-Errors- element.patch: Add externalParameters option to Errors element - https://shibboleth.net/community/advisories/secadv_20210317.txt - https://issues.shibboleth.net/jira/browse/SSPCPP-922 - CVE-2021-28963
-- Etienne Dysli Metref <email address hidden> Thu, 18 Mar 2021 12:22:53 +0100
This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1- 1ubuntu0. 1
--------------- dfsg1-1ubuntu0. 1) focal-security; urgency=high
shibboleth-sp (3.0.4+
* SECURITY UPDATE: Fix a phishing vulnerability: Template generation patches/ SSPCPP- 922-Add- externalParamet ers-option- to-Errors- patch: Add externalParameters option to Errors element /shibboleth. net/community/ advisories/ secadv_ 20210317. txt /issues. shibboleth. net/jira/ browse/ SSPCPP- 922
allows external parameters to override placeholders (LP: #1919419)
- debian/
element.
- https:/
- https:/
- CVE-2021-28963
-- Etienne Dysli Metref <email address hidden> Thu, 18 Mar 2021 12:22:53 +0100