Package: opensaml2 Version: 2.5.3-2 Severity: serious Tags: security The upstream security advisory for CVE-2015-0851 (see #793855) states in part: "Correcting this bug requires that the OpenSAML library be rebuilt against the corrected version of the XMLTooling-C library, which is normally assured by obtaining updates to both."
This is presumably related to the fact that the patch to xmltooling touches preprocessor macros defined in <xmltooling/base.h>. Specifically, the macro IMPL_INTEGER_ATTRIB is referenced several times on OpenSAML2 source code. The same macro also appears once in the source code for package shibboleth-sp2, making it also a candidate for recompilation. (Feel free to clone this bug if needed.) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
