Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted shibboleth-sp 3.0.4+dfsg1-1+deb10u2 (source) into stable->embargoed, stable
Date: Tue, 27 Apr 2021 19:37:12 +0000
Signed by: Ferenc Wágner <wferi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Apr 2021 15:37:15 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.0.4+dfsg1-1+deb10u2) buster-security; urgency=high
 .
   * [2dd45b3] New patch: SSPCPP-927 - Check for missing DataSealer during
     cookie recovery.
     Fix a denial of service vulnerability: Session recovery feature contains
     a null pointer dereference
     The cookie-based session recovery feature added in V3.0 contains a
     flaw that is exploitable on systems *not* using the feature if a
     specially crafted cookie is supplied.
     This manifests as a crash in the shibd daemon.
     Because it is very simple to trigger this condition remotely, it
     results in a potential denial of service condition exploitable by
     a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
Checksums-Sha1:
 aa91efd3b9c6f26b0ad95dfae340a49f41e8923c 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 936ea173fc1b0c9998f657b897650b9f7fdd84d1 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 d74e5e9b65ef48c88c4294cf5a0d0ece4da1667c 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 82ce3e5b624c34754807c76a70fc5549dc535e9c5d01af396b76966d9f9cf39d 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 01a3257b10e940430af70754daeccc29c08c091ae04a1fd519ff67cefb83b878 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 74fdf85b4918fd5867fc5c858dd13c222327ca9dda34ed8901c1187ff07c0d56 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Files:
 f74cbb538977ef3921821dd62ca772df 3034 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 2cf9a7879a9838f4cdf8f0d023e957c4 79896 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 22afb3d6e117204e01b703a96a5750d2 14116 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmCGwyoACgkQOsj3Fkd+
2yMYoA//QzDdBzy8ibufj0OP+eFfZ3OUzg9payDQt0AVf0y1tWc1qRlfiYQef2tK
gZgkx0f612C2nbL9fvqLgpzpCbFAQNYkM4oGbF2gV+ID/sJ+ejAgFIMutGsgCBjW
/VXr3HBkEj5M39X3EJI/Fn/ba+OGCi93v00TQhN2ZawZ/PdnZKqy4n/NBD+JFnQd
g98/B+6thQZLgepdUNRCZfxc6sgwlsAi3eWHbPQEoOu/UDBNgOPtrs6RoVqSWwVy
1p+KuiYJa6BDwPbvNQEWPa1epTd1Z53E/fDe6A4bficW20Go3GkbX7Z5XXxkhH5p
webYb6fsJiG9+0lGnepInl+BBrbcb4H3aoVH9hG31xiJTO1ay3aLDSrUsjMSJCrF
nfcswAlYcQJUnUqAWcS3tz2L/BhMYPH4ina3AG/zWZimYxJiVfGpEbKFRIzmYThC
Pc11mcQFrXCfg4KAsWxwyeRwU2xeBt1IEBkivusOufPjWw0UJ8mB/li69bkWdWeH
LMOP5niAVczIKgNjnTURn9DTDIV/uUq8BWEIgu1aMFMVNCyRjd57jaFrvuMmZCdh
knBWwxkhZoQ5Q7I9f7UW0vtUqSqxyHmMDq70EuWPRqjkD4jCePpDqd2OuWUmfpXB
kn4Mn7cMP6r+MZwrDqKJEOOYUwQULmH5Dvii/LqwOCWJ0APgl98=
=rii5
-----END PGP SIGNATURE-----
News for package shibboleth-sp
