This bug was fixed in the package shibboleth-sp - 3.0.4+dfsg1-1ubuntu0.1
---------------
shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high
* SECURITY UPDATE: Fix a phishing vulnerability: Template generation
allows external parameters to override placeholders (LP: #1919419)
- debian/patches/SSPCPP-922-Add-externalParameters-option-to-Errors-
element.patch: Add externalParameters option to Errors element
- https://shibboleth.net/community/advisories/secadv_20210317.txt
- https://issues.shibboleth.net/jira/browse/SSPCPP-922
- CVE-2021-28963
-- Etienne Dysli Metref <[email protected]> Thu, 18 Mar
2021 12:22:53 +0100
** Changed in: shibboleth-sp (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1919419
Title:
Phishing vulnerability: Template generation allows external parameters
to override placeholders
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1919419/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
