[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1-1ubuntu0.2 --- shibboleth-sp (3.0.4+dfsg1-1ubuntu0.2) focal-security; urgency=high * SECURITY UPDATE: Session recovery feature contains a null pointer deference (LP: #1926250) - debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie- rec.patch: Check for missing DataSealer during cookie recovery - https://shibboleth.net/community/advisories/secadv_20210426.txt - https://issues.shibboleth.net/jira/browse/SSPCPP-927 - CVE-2021-31826 -- Etienne Dysli Metref Thu, 10 Jun 2021 11:30:02 +0200 ** Changed in: shibboleth-sp (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
Hi Etienne, Thanks for preparing the debdiff, it looks fine. I've gone ahead and uploaded it to the https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/ where builds should appear shortly. Any testing of the built packages would be appreciated. Thanks again! ** Changed in: shibboleth-sp (Ubuntu) Status: New => In Progress ** Changed in: shibboleth-sp (Ubuntu) Assignee: (unassigned) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
** Changed in: shibboleth-sp (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
Patch for focal copied from Debian buster's 3.0.4 security fix. Please review! :) ** Patch added: "Patch for focal" https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+attachment/5503831/+files/1-3.0.4+dfsg1-1ubuntu0.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
** Changed in: shibboleth-sp (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-31826 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926250] Re: CVE-2021-31826: Session recovery feature contains a null pointer deference
** Changed in: shibboleth-sp (Debian) Status: Unknown => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926250 Title: CVE-2021-31826: Session recovery feature contains a null pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs