Your message dated Mon, 30 Mar 2020 14:48:39 +0000
with message-id <[email protected]>
and subject line Bug#955354: fixed in lasso 2.6.0-8
has caused the Debian Bug report #955354,
regarding liblasso3: crashes on parsing AuthnContextDecl
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
955354: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955354
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: liblasso3
Version: 2.6.0-2+b2
Severity: important
Tags: fixed-upstream
Hi,
We're using lasso with libapache2-mod-auth-mellon and it crashes every
time an IdP sends a (valid) AuthnContextDecl.
This has been fixed meanwhile upstream, which I've verified solves the
problem: https://dev.entrouvert.org/issues/25640
There is however not a new Lasso release yet (or has been for a while
now). Can you incorporate the required patch in Debian so mellon does
not crash on these IdPs?
Thanks,
Thijs
-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-11-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages liblasso3 depends on:
ii libc6 2.28-10
ii libglib2.0-0 2.58.3-2+deb10u2
ii libssl1.1 1.1.1d-0+deb10u2
ii libxml2 2.9.4+dfsg1-7+b3
ii libxmlsec1 1.2.27-2
ii libxmlsec1-openssl 1.2.27-2
ii libxslt1.1 1.1.32-2.2~deb10u1
ii zlib1g 1:1.2.11.dfsg-1
liblasso3 recommends no packages.
liblasso3 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: lasso
Source-Version: 2.6.0-8
Done: Frederic Peters <[email protected]>
We believe that the bug you reported is fixed in the latest version of
lasso, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederic Peters <[email protected]> (supplier of updated lasso package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 Mar 2020 15:55:54 +0200
Source: lasso
Architecture: source
Version: 2.6.0-8
Distribution: unstable
Urgency: medium
Maintainer: Frederic Peters <[email protected]>
Changed-By: Frederic Peters <[email protected]>
Closes: 955354
Changes:
lasso (2.6.0-8) unstable; urgency=medium
.
* d/p/fix-parsing-of-saml-authncontext.diff: import upstream commit
to fix parsing of saml:AuthnContextDecl (closes: #955354)
Checksums-Sha1:
62c04a776d8d28c9caa6c4839bd8ab085e88dad1 2046 lasso_2.6.0-8.dsc
f7d4e099d5f3cbf9ee5da0c25b586b6807ee8142 18812 lasso_2.6.0-8.debian.tar.xz
4d0942336430ea5e7da0b693ad21f9f58ee73ee1 8380 lasso_2.6.0-8_source.buildinfo
Checksums-Sha256:
9bfb9d74f108d2a80f80596f2873d4e53db53f81fdb767b99dc2a49165f97152 2046
lasso_2.6.0-8.dsc
b6f9b16bc905403b4fa3465d3130877dc395587cd0c89cf3d7b8a30cca1db3e3 18812
lasso_2.6.0-8.debian.tar.xz
b12c17a30157672c2c3cc910c57313d5614ea7880c86b8ae33724ebc8adbcedb 8380
lasso_2.6.0-8_source.buildinfo
Files:
b897a50ac9cf6b3298bc926582ce6201 2046 libs optional lasso_2.6.0-8.dsc
251b6c5c6f7f6ed40462a2238f9471b9 18812 libs optional
lasso_2.6.0-8.debian.tar.xz
3d4f0d0ceb2f06984378670da514019f 8380 libs optional
lasso_2.6.0-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcUkUffL0auA9VW47KukB5ccCGNIFAl6CASEACgkQKukB5ccC
GNLJxBAAgO4L7FGN6g2EzRyYboifFTHqvYJWD3ioxm8VWr1GDmpU2DyzKPsV8RBq
tXyjtQv+qb2dYwS/mW/bLn14T9ZtErwTTZDJEmRVvkg3UyGFfOy57bd6o85OGJHy
deM3VYHW9tliB9TjGwnvBN+OAg4GFUGjunNsvux7fAhL0IlxCOrn/eyHn2s16Z+o
OcgSlFPjkq9B1WS7ar/elD3UmX18DbkL3JtdcMm7fy2FfaUAJ29OIqaspsVa7tiR
Un7PX1aArMiY2bJZY28rUN8FY5ZeKbw8X2R3D+Hym9DaQV8Bae53GxFIfK0WSc8w
Fj3tTT5HkgfP9AfGUU9pNwhp8aOdAu8VV9AGXPehAg7avSmxVDTp8z70B9bj5xCb
oV4fEwLc6M3+4bmWDJ4UUEqrKwuHR+N8R0A3wdTl4XvbvUwqvi+dDRq7IiNlOY83
OeSUmiHQoNuhhptih2VmPxBewTdNgT9f0GPB3uqDoYU3ON4XtatJOXe+jTwCX735
NyNl8qwPMqxfWS8iK6YnjQDjySLFIqd/1WpSqP0zEkE2TUAugd01ZdMcE9sfmq+e
bBuQvL0guqgHmgs176C5wAszH2EGIGvZQbqM2D6gFRlNz7ZyXdQzUorl+qqYPWrD
2SsN4iO1F9osEhQ9pKBdrAMaFtXDxwZdZVmyCN5t4t6H5rbpaS4=
=XQzt
-----END PGP SIGNATURE-----
--- End Message ---
