Package: shibboleth-sp2 Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for shibboleth-sp2. CVE-2009-3300[0]: | Multiple cross-site scripting (XSS) vulnerabilities in the Identity | Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the | Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 | Middleware Initiative Shibboleth allow remote attackers to inject | arbitrary web script or HTML via URLs that are encountered in | redirections, and appear in automatically generated forms. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3300 http://security-tracker.debian.org/tracker/CVE-2009-3300 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkr5XtEACgkQNxpp46476apFCACbBss6JYADgu8V21ve+ETiRWxR udUAn2O3g+VpKRxIbSAT9/pFA/gL851Y =K2dl -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org