Public bug reported:

[MIR] libapache2-mod-auth-mellon

[Availability]
Currently in universe.

[Rationale]
This module is required for OpenStack Keystone Federation:
http://docs.openstack.org/developer/keystone/configure_federation.html

[Security]
No security history.

[Quality Assurance]
Package works out of the box with no prompting. There are no major bugs in Ubuntu and there are no major bugs in Debian.

[Dependencies]
All are in main except for liblasso3.

[Standards Compliance]
FHS and Debian Policy compliant.

[Maintenance]
Simple package that the OpenStack Team will take care of.

[Background]
mod_auth_mellon is an authentication module for Apache. It authenticates the user against a SAML 2.0 IdP, and grants access to directories depending on attributes received from the IdP.

--------

[MIR] liblasso3 (lasso)

[Availability]
Currently in universe.

[Rationale]
liblasso3 is required by libapache2-mod-auth-mellon.

[Security]
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

CVE-2009-0050
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

CVE-2005-2605
Unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.

CVE-2002-2118
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.

CVE-1999-1250
Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files.

[Quality Assurance]
Package works out of the box with no prompting. There are no major bugs in Ubuntu and there are no major bugs in Debian.

[Dependencies]
All are in main.

[Standards Compliance]
FHS and Debian Policy compliant.

[Maintenance]
The OpenStack Team will take care of this package.

[Background]
Lasso (Liberty Alliance Single Sign-On) is a free (GNU GPL) implementation of the Liberty Alliance specifications. Those define processes for federated identities, single sign-on and related protocols. Lasso provides both a C library and bindings for different languages.

homepage: http://lasso.entrouvert.or

** Affects: lasso (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libapache2-mod-auth-mellon (Ubuntu)
     Importance: Undecided
         Status: New

** Package changed: ubuntu => libapache2-mod-auth-mellon (Ubuntu)

** Also affects: lasso (Ubuntu)
   Importance: Undecided
       Status: New

-- 
https://bugs.launchpad.net/bugs/1610286

Title:
  [MIR] libapache2-mod-auth-mellon, liblasso3
