[SECURITY] [DLA 1178-1] opensaml2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1178-1] opensaml2 security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 18 Nov 2017 21:19:49 +0100
Message-id: <[🔎] 3c1b83cd-9449-3131-2ee9-158751b64c69@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : opensaml2
Version        : 2.4.3-4+deb7u2
CVE ID         : CVE-2017-16853
Debian Bug     : 881856

Rod Widdowson of Steading System Software LLP discovered a coding error
in the OpenSAML library, causing the DynamicMetadataProvider class to
fail configuring itself with the filters provided and omitting whatever
checks they are intended to perform.

For Debian 7 "Wheezy", these problems have been fixed in version
2.4.3-4+deb7u2.

We recommend that you upgrade your opensaml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloQleRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRajA/+IYRrer8hw2y60hWa/+nCwkVlBoT13nfX6o2zYNnX+mr8FCnSkJauo6BG
ElCG3OVLdw9wItvfQLmgYCcmqb8hiv+C4R5JUYi2W3od8sRfFsE5BEfKEQ1x9cEX
V/0L4jjsMCdwM9w45CKFvklMEDusa6NOjBn9j++c5U9mNDgh1FR+6RyVyVPkJEJR
ws6WYR5pkLVyYK9UsZw9J/uo5GvlqHkaHM68hTN+hIRzzMaceFr9FqsO37eDjL+p
Lb3Y0y0KnW5UDZhZFIyY0ssQqtgI8Eso1aCacxAOWF41snq8Okev/HuqSEC+DBzs
pGH5Uy5R4QFqRV0rPwqvOexQrZunjCX18t1eww4usoB4ZrE0MAFFy0gJmKuW6MIp
qYbkNL4JFLyxZi/9ceduK8gu2qnOHvNwnv/lXjQ7xj0UBg83hrrn7myWb6PRaSg4
HsfSyrQYKfECuU14wUNgngOORQ/kN/aWni3aZoJPxGy+eZ0nMKYxyvqPyXhno3Es
hNW0DCqwmdHnlTE6c0pUQ/+7rYUnCwKFfzAPtmbifFrSdlotW9MJEKDIBP4JWaxn
ppyOhUp/acdwnqhCoSEKA/7Mu99l40wEWpwZ57TJMIN3wpHeZe3QfU3gxi/vIo6j
BtfY00GMQ0jlMAvZWyYrsSAX2kLwK8CEw+uC6fNJn3tNjsoCMgo=
=D/hF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1177-1] poppler security update
Next by Date: [SECURITY] [DLA 1179-1] shibboleth-sp2 security update
Previous by thread: [SECURITY] [DLA 1177-1] poppler security update
Next by thread: [SECURITY] [DLA 1179-1] shibboleth-sp2 security update
Index(es):
- Date
- Thread