Control: found -1 opensaml2/2.4.3-4 Control: fixed -1 opensaml2/2.4.3-4+deb7u1 Control: fixed -1 opensaml2/2.5.3-2+deb8u1
On Fri, Aug 07, 2015 at 12:36:18pm +0200, Sergio Gelato wrote: > Package: opensaml2 > Version: 2.5.3-2 > Severity: serious > Tags: security > > The upstream security advisory for CVE-2015-0851 (see #793855) states > in part: "Correcting this bug requires that the OpenSAML library be > rebuilt against the corrected version of the XMLTooling-C library, > which is normally assured by obtaining updates to both." Yes, sorry for the delay. I just released fixed opensaml2 packages for wheezy and jessie security. Given that unstable is still vulnerable (since a fixed xmltooling version hasn't been uploaded yet), I'll leave this open for now. Cheers
signature.asc
Description: Digital signature
