This bug was fixed in the package opensaml2 - 2.3-1ubuntu0.1
---------------
opensaml2 (2.3-1ubuntu0.1) lucid-security; urgency=high

  * SECURITY UPDATE: Fix vulnerability to a "wrapping attack" that could
    allow a remote, unauthenticated attacker to craft messages that can be
    successfully verified but contain arbitrary content. This may allow
    an attacker to subvert the security of software using OpenSAML and
    supply an unauthenticated login identity and data under the guise of a
    trusted issuer. (LP: #817199)
    - Patch obtained from Debian (2.3-2+squeeze1)
    - CVE-2011-1411

 -- Joshua Daniel Franklin <[email protected]>  Thu, 28 Jul 2011 14:50:45 -0700

** Changed in: opensaml2 (Ubuntu)
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.net/bugs/817199
Title:
opensaml2 security advisory (CVE-2011-1411)