Your message dated Mon, 18 Jan 2016 10:01:14 +0000 with message-id <e1al6cc-0005v9...@franck.debian.org> and subject line Bug#794851: fixed in opensaml2 2.5.5-1 has caused the Debian Bug report #794851, regarding CVE-2015-0851: shibboleth-sp2 needs to be rebuilt against new xmltooling to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 794851: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794851 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: opensaml2 Version: 2.5.3-2 Severity: serious Tags: security The upstream security advisory for CVE-2015-0851 (see #793855) states in part: "Correcting this bug requires that the OpenSAML library be rebuilt against the corrected version of the XMLTooling-C library, which is normally assured by obtaining updates to both." This is presumably related to the fact that the patch to xmltooling touches preprocessor macros defined in <xmltooling/base.h>. Specifically, the macro IMPL_INTEGER_ATTRIB is referenced several times on OpenSAML2 source code. The same macro also appears once in the source code for package shibboleth-sp2, making it also a candidate for recompilation. (Feel free to clone this bug if needed.)
--- End Message ---
--- Begin Message ---Source: opensaml2 Source-Version: 2.5.5-1 We believe that the bug you reported is fixed in the latest version of opensaml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 794...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ferenc Wágner <wf...@niif.hu> (supplier of updated opensaml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 15 Jan 2016 12:36:52 +0100 Source: opensaml2 Binary: libsaml8v5 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc Architecture: source amd64 all Version: 2.5.5-1 Distribution: unstable Urgency: medium Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org> Changed-By: Ferenc Wágner <wf...@niif.hu> Description: libsaml2-dev - Security Assertion Markup Language library (development) libsaml2-doc - Security Assertion Markup Language library (API docs) libsaml8v5 - Security Assertion Markup Language library (runtime) opensaml2-schemas - Security Assertion Markup Language library (XML schemas) opensaml2-tools - Security Assertion Markup Language command-line tools Closes: 794851 797623 Changes: opensaml2 (2.5.5-1) unstable; urgency=medium . [ Russ Allbery ] * [973b999] Disable forcing of libtool --silent . [ Ferenc Wágner ] * [d6aeea7] Add debian/gbp.conf for DEP-14 layout * [470ce76] Convert our single upstream patch into a gbp patch queue * [ecdaabb] Run wrap-and-sort -ast on the package * [7b69f53] Correct my name in Uploaders * [3662b4c] Switch watch file to check for bzip-compressed archives * [b50fd9b] Check signature in watch file * [7cf3194] New upstream release (Closes: #794851) * [39cb932] Rename libsaml8 package to libsaml8v5 (Closes: #797623) * [f86c155] dh_auto_configure uses --disable-dependency-tracking by default * [17ccfe8] The default compressor is xz since jessie * [1a6d0e6] Enable all hardening features * [ea4722b] Update Standards-Version to 3.9.6 (no changes needed) * [fbcd266] Replacing the jquery.js embedded by Doxygen risks breaking the docs * [8752a86] No need to separate the doc-base files by extension * [3d02cde] Use a fresher m4/ax_create_pkgconfig_info.m4 * [cfc875a] Ship the installed documentation, not the one from the build tree * [1ee8adf] Update debian/copyright Checksums-Sha1: ef28f805327af5f7a72e69295f2b9e5e1187e8bb 2063 opensaml2_2.5.5-1.dsc 51da7830a815faf4d9f6a8c9cbe9476679b79e8e 558742 opensaml2_2.5.5.orig.tar.bz2 c266d118c230bbd93b20ea73b4f5ec3757310330 50096 opensaml2_2.5.5-1.debian.tar.xz 938921934a10709a5ca256d369dd56f246db69cd 44158 libsaml2-dev_2.5.5-1_amd64.deb 035a99666c521498df1459423624426ed27dabdf 315932 libsaml2-doc_2.5.5-1_all.deb b11e51b7cf83d60dd088e1984d0ddd29d558f4bb 9382894 libsaml8v5-dbgsym_2.5.5-1_amd64.deb 3c468200911ae61fe05657e416416a0d03784ebc 795562 libsaml8v5_2.5.5-1_amd64.deb 9cd7fb7a8f018408ade4666dc9248dfd281b2d07 26590 opensaml2-schemas_2.5.5-1_all.deb b2904500482eade1ab643b85de9c79edf06ab690 169618 opensaml2-tools-dbgsym_2.5.5-1_amd64.deb adffa0997175d9cd6ff1f25477aaca0a7df12776 25464 opensaml2-tools_2.5.5-1_amd64.deb Checksums-Sha256: 82f7faf8cc094e3f7279545ef7336a533835debd6a8c8a18855150589c93500b 2063 opensaml2_2.5.5-1.dsc acb37b1d55e0ba9ea15f3c79595a79b852d12f19b81d00bd61b13e83c9c6accc 558742 opensaml2_2.5.5.orig.tar.bz2 7d396af610408198a40ddcf865bdb84cfaaefbedceb6ef7b1dee0efcf76fa75b 50096 opensaml2_2.5.5-1.debian.tar.xz 6b0c87649e0ccf581bbe20687daf14d4f56cc0e9c59ea67019d16a85c8663f07 44158 libsaml2-dev_2.5.5-1_amd64.deb 4a98c20c3b29eff0dd507cccd63191e1a5541c1f0f326f6ad3d86e5d86e5f4a3 315932 libsaml2-doc_2.5.5-1_all.deb ceed106cd6a12273ba31c38c4aae06bcfbcb66484bf650849e46fe17ff28d25b 9382894 libsaml8v5-dbgsym_2.5.5-1_amd64.deb 70706e8b7250bc6a1945ae0f5627e1b2a8b427866400335d56ca595b23aa4db2 795562 libsaml8v5_2.5.5-1_amd64.deb 4c66bbfe00dcb1dc24f77f0eb77b3e894ca4017cdf0c1c71cac9e21b41a37bcb 26590 opensaml2-schemas_2.5.5-1_all.deb 1effed8f05d45ac46b8bd2f60ea67d420216b562df84c42348fa01197a0375e5 169618 opensaml2-tools-dbgsym_2.5.5-1_amd64.deb 80f5caaa6d448ce0e624c12859b271e800d3911f74855460af93ca353b8d1040 25464 opensaml2-tools_2.5.5-1_amd64.deb Files: 0baea5f2e45af3ec838306f776cd1992 2063 libs extra opensaml2_2.5.5-1.dsc 8f0f6d07ab43f54349a6ad1e525834fd 558742 libs extra opensaml2_2.5.5.orig.tar.bz2 4616d46e108c63943892dc0f9a033067 50096 libs extra opensaml2_2.5.5-1.debian.tar.xz ec028f3a2a7b8018dd9c663ebd9eb624 44158 libdevel extra libsaml2-dev_2.5.5-1_amd64.deb 9608e31eddfc8cbb2ee1e57a4d01f606 315932 doc extra libsaml2-doc_2.5.5-1_all.deb b97d2e40921638ad52a01ad37e474d58 9382894 debug extra libsaml8v5-dbgsym_2.5.5-1_amd64.deb 5dc2016be49f542f9c62996bfb62f46e 795562 libs extra libsaml8v5_2.5.5-1_amd64.deb a16ebd4bf1a58900c4932819b72574dc 26590 text extra opensaml2-schemas_2.5.5-1_all.deb 0c5d9037aed548732de6331aaa0480b0 169618 debug extra opensaml2-tools-dbgsym_2.5.5-1_amd64.deb 59089ee94f1bab712e24537017f86dd2 25464 text extra opensaml2-tools_2.5.5-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWm9M6AAoJEH2AMVxXNt51z+0H/jff6sduk4XObmdn+EAWqr0R esfIBTXz6J40utduyzcqNnbNiNu5yw0VKLgujZXfgFXzDSOPnnrjlbmWtsBKC2En +fE/nzYUqC1a132Jn5g2cZeffPzfY76Xx46dCVvHgsyi/CQxJR/oc3AsZ6nt8K+G iRtEph8jZMbxU9pvQzsYdG93l6OIqeKv53JKLKIlxass4s7Vimy1SnAXHOLu7Szm FbR/5Q0EhNoelURhpOwcKLLh+Jp1oqnYyhgPPsaLvHmCap6nVKd+MTUzQUOH9RKQ MAiGJJb/6OfUzeonqlD33+TwrDFwGHIOYdeQY6GGb7OOYvpRi80o12er/rDVlXA= =oF9H -----END PGP SIGNATURE-----
--- End Message ---
