-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : opensaml2 Version : 2.4.3-4+deb7u2 CVE ID : CVE-2017-16853 Debian Bug : 881856
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. For Debian 7 "Wheezy", these problems have been fixed in version 2.4.3-4+deb7u2. We recommend that you upgrade your opensaml2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloQleRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRajA/+IYRrer8hw2y60hWa/+nCwkVlBoT13nfX6o2zYNnX+mr8FCnSkJauo6BG ElCG3OVLdw9wItvfQLmgYCcmqb8hiv+C4R5JUYi2W3od8sRfFsE5BEfKEQ1x9cEX V/0L4jjsMCdwM9w45CKFvklMEDusa6NOjBn9j++c5U9mNDgh1FR+6RyVyVPkJEJR ws6WYR5pkLVyYK9UsZw9J/uo5GvlqHkaHM68hTN+hIRzzMaceFr9FqsO37eDjL+p Lb3Y0y0KnW5UDZhZFIyY0ssQqtgI8Eso1aCacxAOWF41snq8Okev/HuqSEC+DBzs pGH5Uy5R4QFqRV0rPwqvOexQrZunjCX18t1eww4usoB4ZrE0MAFFy0gJmKuW6MIp qYbkNL4JFLyxZi/9ceduK8gu2qnOHvNwnv/lXjQ7xj0UBg83hrrn7myWb6PRaSg4 HsfSyrQYKfECuU14wUNgngOORQ/kN/aWni3aZoJPxGy+eZ0nMKYxyvqPyXhno3Es hNW0DCqwmdHnlTE6c0pUQ/+7rYUnCwKFfzAPtmbifFrSdlotW9MJEKDIBP4JWaxn ppyOhUp/acdwnqhCoSEKA/7Mu99l40wEWpwZ57TJMIN3wpHeZe3QfU3gxi/vIo6j BtfY00GMQ0jlMAvZWyYrsSAX2kLwK8CEw+uC6fNJn3tNjsoCMgo= =D/hF -----END PGP SIGNATURE-----
