Package : shibboleth-sp2 Version : 2.3.1+dfsg-5+deb6u1 CVE ID : CVE-2015-2684 A denial of service vulnerability was found in the Shibboleth (an federated identity framework) Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash. For the Debian 6 “Squeeze” distribution, this problem has been fixed in version 2.3.1+dfsg-5+deb6u1. We recommend that you upgrade your shibboleth-sp2 packages. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature