Hi Salvatore,

Thank you for the report. Looking at the commit r1680 mentioned on the
security tracker I fail to see how it addresses the vulnerability
described. I suspect this is actually a vulnerability in a dependency
shared by opensaml and idp (maybe xmltooling which contains the
PKIXValidationInformationResolver class, or shib-common with a recent
commit referring to the same SIDP-624 issue [1]).

Emmanuel Bourg


This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to