-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 23 Nov 2009 20:41:32 +0100 Source: opensaml2 Binary: libsaml2 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc Architecture: source i386 all Version: 2.0-2+lenny2 Distribution: stable-security Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Ferenc Wagner <wferi@niif.hu> Description: libsaml2 - Security Assertion Markup Language library (runtime) libsaml2-dev - Security Assertion Markup Language library (development) libsaml2-doc - Security Assertion Markup Language library (API docs) opensaml2-schemas - Security Assertion Markup Language library (XML schemas) opensaml2-tools - Security Assertion Markup Language command-line tools Changes: opensaml2 (2.0-2+lenny2) stable-security; urgency=high . * SECURITY: Partial fix for improper handling of URLs that could be abused for script injection and other cross-site scripting attacks. The complete fix also requires a newer shibboleth-sp2 package. (CVE-2009-3300) Checksums-Sha1: f380886fc0ea0bbd2f97ce658c8f9ec3f298ee33 1450 opensaml2_2.0-2+lenny2.dsc 542731016e43b503c549547091b97cfb172bb5df 7717 opensaml2_2.0-2+lenny2.diff.gz 8f18b664006d145db2294a17b7fba904a4936cca 1083380 libsaml2_2.0-2+lenny2_i386.deb 5ad1a4d34c13d307f26de914b9badc2528ccb633 44708 libsaml2-dev_2.0-2+lenny2_i386.deb d12cddb97a87b48803e949f2cec72f98993d5b6c 27222 opensaml2-tools_2.0-2+lenny2_i386.deb 8708e2f74a7c89343392c8d4ed6d25ec66f9dc37 25680 opensaml2-schemas_2.0-2+lenny2_all.deb 9cb7b503428253983c6f2155c1a1ae77a8e55ec2 365940 libsaml2-doc_2.0-2+lenny2_all.deb Checksums-Sha256: f6c38d33b8b0d02a486c67ebaf26b6fd414574999cfa76dfccfa46a300a48f02 1450 opensaml2_2.0-2+lenny2.dsc c528304b26b9cdc8aa1d1e52e83fbe8081e76eef04a4b3217237d5535dd59a7f 7717 opensaml2_2.0-2+lenny2.diff.gz 0a09d605b02fe18629cdb77a4774bb01d2a02f0273f240189e327826341087b5 1083380 libsaml2_2.0-2+lenny2_i386.deb 42dc4ecb7a9394ed6a504d805f9a5b881e7ba2c2388fbf0b3ba6374c31226f65 44708 libsaml2-dev_2.0-2+lenny2_i386.deb 09fe3b75e47cc3c5daf97c0886273b98c700bfb730efc0e6cb9a801271b8b790 27222 opensaml2-tools_2.0-2+lenny2_i386.deb 31132a9b064c691c2d8fa6c36cf838151ce2bbee9c60b499335e73f2029cb591 25680 opensaml2-schemas_2.0-2+lenny2_all.deb 3cb216479f55b6f7b2fa5769e3e75741c8c413d5022075ad93c02b802d13ba99 365940 libsaml2-doc_2.0-2+lenny2_all.deb Files: ae583eaffa9dc2ab9fc37f15bfbf9817 1450 libs extra opensaml2_2.0-2+lenny2.dsc be1470ec19b079abbea465c586a6db9c 7717 libs extra opensaml2_2.0-2+lenny2.diff.gz 5172f568a27adc2bed46aa20f676dff5 1083380 libs extra libsaml2_2.0-2+lenny2_i386.deb 2ed6b07d9ef09967812b79e897034310 44708 libdevel extra libsaml2-dev_2.0-2+lenny2_i386.deb 139eb0bb1b4509126eb0f314bd06b3c6 27222 text extra opensaml2-tools_2.0-2+lenny2_i386.deb 681338ca7d060ab79c9f26527902d8dc 25680 text extra opensaml2-schemas_2.0-2+lenny2_all.deb 551bf56b7ca0618a515b4cde3c9046c7 365940 doc extra libsaml2-doc_2.0-2+lenny2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkscIDkACgkQ+YXjQAr8dHZlyQCghCUKelg52toF3av7JM17JZoo 748An1dYyekkxociDOU6UszKGRkBSmE5 =2osD -----END PGP SIGNATURE----- Accepted: libsaml2-dev_2.0-2+lenny2_i386.deb to main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_i386.deb libsaml2-doc_2.0-2+lenny2_all.deb to main/o/opensaml2/libsaml2-doc_2.0-2+lenny2_all.deb libsaml2_2.0-2+lenny2_i386.deb to main/o/opensaml2/libsaml2_2.0-2+lenny2_i386.deb opensaml2-schemas_2.0-2+lenny2_all.deb to main/o/opensaml2/opensaml2-schemas_2.0-2+lenny2_all.deb opensaml2-tools_2.0-2+lenny2_i386.deb to main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_i386.deb opensaml2_2.0-2+lenny2.diff.gz to main/o/opensaml2/opensaml2_2.0-2+lenny2.diff.gz opensaml2_2.0-2+lenny2.dsc to main/o/opensaml2/opensaml2_2.0-2+lenny2.dsc