Source: libopensaml2-java Version: 2.6.2-1 Severity: grave Tags: security upstream fixed-upstream
Hi, the following vulnerability was published for libopensaml2-java. Note that I don't know libopensaml2-java well enough, so could you assess if this affeccts Debian as well, and if the severity is approriate (if not please feel free to downgrade it). Information follows: CVE-2015-1796: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see:  https://security-tracker.debian.org/tracker/CVE-2015-1796  http://shibboleth.net/community/advisories/secadv_20150225.txt Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.