opensaml2 has been fixed in all releases (see https://launchpad.net/ubuntu/+source/opensaml2) except for the devel release (bionic), which will be addresses when the debian autosync pulls 2.6.1-1 from debian.
shibboleth-sp2 still needs to be fixed in trusty and xenial, if someone wants to step up to prepare the fixes for that, as well as for bionic, which will again be addressed when the autosync process pulls 2.6.1+dfsg1-1 from debian. ** Also affects: opensaml2 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: shibboleth-sp2 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: opensaml2 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: shibboleth-sp2 (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: shibboleth-sp2 (Ubuntu Trusty) Status: New => Triaged ** Changed in: shibboleth-sp2 (Ubuntu Xenial) Status: New => Triaged ** Changed in: opensaml2 (Ubuntu Trusty) Status: New => Fix Released ** Changed in: opensaml2 (Ubuntu Xenial) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16853 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732606 Title: CVE-2017-16852 Shibboleth Service Provider Security Advisory [15 November 2017] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensaml2/+bug/1732606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs