opensaml2 has been fixed in all releases (see
https://launchpad.net/ubuntu/+source/opensaml2) except for the devel
release (bionic), which will be addresses when the debian autosync pulls
2.6.1-1 from debian.
shibboleth-sp2 still needs to be fixed in trusty and xenial, if someone
wants to step up to prepare the fixes for that, as well as for bionic,
which will again be addressed when the autosync process pulls
2.6.1+dfsg1-1 from debian.
** Also affects: opensaml2 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: shibboleth-sp2 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: opensaml2 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: shibboleth-sp2 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: shibboleth-sp2 (Ubuntu Trusty)
Status: New => Triaged
** Changed in: shibboleth-sp2 (Ubuntu Xenial)
Status: New => Triaged
** Changed in: opensaml2 (Ubuntu Trusty)
Status: New => Fix Released
** Changed in: opensaml2 (Ubuntu Xenial)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16853
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732606
Title:
CVE-2017-16852 Shibboleth Service Provider Security Advisory [15
November 2017]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opensaml2/+bug/1732606/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
