unsubscribe end On Sat, Aug 8, 2015 at 3:18 AM, Alessandro Ghedini <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3321-2 [email protected] > https://www.debian.org/security/ Alessandro Ghedini > August 08, 2015 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : opensaml2 > CVE ID : CVE-2015-0851 > Debian Bug : 794851 > > It was discovered that opensaml2, a Security Assertion Markup Language > library, needed to be rebuilt against a fixed version of the xmltooling > package due to its use of macros vulnerable to CVE-2015-0851 as fixed in > the DSA 3321-1 update. For reference the original advisory text follows. > > The InCommon Shibboleth Training team discovered that XMLTooling, a > C++ XML parsing library, did not properly handle an exception when > parsing well-formed but schema-invalid XML. This could allow remote > attackers to cause a denial of service (crash) via crafted XML data. > > For the oldstable distribution (wheezy), this problem has been fixed > in version 2.4.3-4+deb7u1. > > For the stable distribution (jessie), this problem has been fixed in > version 2.5.3-2+deb8u1. > > For the testing distribution (stretch), this problem has been fixed > in version $stretch_VERSION. > > For the unstable distribution (sid), this problem has been fixed in > version $UNSTABLE_VERSION. > > We recommend that you upgrade your opensaml2 packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJVxddYAAoJEK+lG9bN5XPLgl0P/jqYjaW7MRUFbyNzPgUqqOz5 > OzA2dUrr4HpkoGl99EwROHdqhbRPZEmONxfwW3FSe1VpWar6gT2xkr7ovBuxFa6k > fX38CSeWIO4olpHDhPBKWcEMYlRptOzWXsEz5e3VPVOyUSxUhYPC/MY7WiLdenwZ > F7wmpOVhuGpy2DXneUHo2XT+pOmUaj8i2Lioc1qZVBMFpMqg2OkPCuxj0KbdGfNi > q0AyUJ6otqFSB2GeTIyVGXn9DBDel6XL4B97lWAN8MqFKM1x4wDYO17OMhXLiQ85 > srjJcM9bq79zWmyYPC72/E3+iHODkR4e31YySFkXnGONgQ0zzg+4D2SGJHgwJpJk > jfPPXGdEeMwguo0jMQRxFeCMmoybjB8lKtIeKcq3ZVW4wIrKy1Qg6vnOlzfIsGfx > 1i6FIb/dh17Yh+jvFFaYfM7Qv9tDuvTm3qAk+hyhktX6V3ddMZlWjAmsbToZZF5U > HUGDmKx7/3gnaCvPJZz5aGdlJ3jtKY1DW1yj91J0LGqOH+LrlrBg5J2bPVyB+Hq/ > bSU4s4k4OSmo3cSoWrCEX4dpyfvjJrN15w77Li9gWA7HXI5Vty0Ser1+nJy4c0Nj > lcTcSAdqnzAwuwAlhbBrC/whNchJ5tU3huwbyDIzgaNlAGCVs2f4drrjC9XoCkKL > 897k2igFbSLklsZSC/jY > =rakm > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: > https://lists.debian.org/[email protected] > > > -- James Perkins <[email protected]> KN1X www.loowit.net/~james 2094 Arthur St, Eugene, OR 97405 +1.971.344.3969 mobile
