Comment 3 for bug 1732606

The patch proposed by the Shibboleth developers is simple enough and would appear to apply to earlier versions. Indeed, the bug has already been patched in Debian stretch (2.6.0+dfsg1-4+deb9u1) and jessie (2.5.3+dfsg-2+deb8u1) which appear to be the original packages from which these derive. The Debian bug report is at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881857

Having spent most of my career working with FreeBSD (which has a completely different package model), I'm not confident in my understanding of the relationship between Debian and Ubuntu or of my ability to adequately deal with repackaging this.