Format: 1.8
Date: Tue, 27 Apr 2021 12:11:06 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.2.2+dfsg1-1) unstable; urgency=high
 .
   * [e44283d] New upstream release: 3.2.2
     High urgency because it fixes CVE-2021-31826:
     Session recovery feature contains a null pointer dereference
       The cookie-based session recovery feature added in V3.0 contains a
       flaw that is exploitable on systems *not* using the feature if a
       specially crafted cookie is supplied.
       This manifests as a crash in the shibd daemon.
       Because it is very simple to trigger this condition remotely, it
       results in a potential denial of service condition exploitable by
       a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
   * [3a6ac33] Refresh our patches