-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 25 Jul 2011 13:35:54 -0700
Source: opensaml2
Binary: libsaml7 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: source i386 all
Version: 2.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description: 
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml7   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes: 
 opensaml2 (2.4.3-1) unstable; urgency=high
 .
   * Set urgency to high for security fix.
   * New upstream release.
     - SECURITY: Fix vulnerability to a "wrapping attack" that could allow
       a remote, unauthenticated attacker to craft messages that can be
       successfully verified but contain arbitrary content.  This may allow
       an attacker to subvert the security of software using OpenSAML and
       supply an unauthenticated login identity and data under the guise of
       a trusted issuer.  (CVE-2011-1411)
     - Fix unmarshalling of RespondWith element
     - Make library init routines idempotent
   * Update the Debian-provided samlsign.1 man page for new flags supported
     by the upstream utility.
   * Update debian/watch for the new upstream distribution location.
   * Update standards version to 3.9.2 (no changes required).
Checksums-Sha1: 
 20d4c8bb2400040f0efe3a34c73a91a98b5abb6d 1817 opensaml2_2.4.3-1.dsc
 1835d1815a1937499a21bcaad09ce2a668e3d793 871693 opensaml2_2.4.3.orig.tar.gz
 4ca0830af009e5459a0b7328286b8689b1cad6c1 8343 opensaml2_2.4.3-1.debian.tar.gz
 b0b336636fdd98a7b960f03eb4b1045508ada6d6 1361596 libsaml7_2.4.3-1_i386.deb
 d2abf712896b54352ce8c509714aa497ce8b2506 51150 libsaml2-dev_2.4.3-1_i386.deb
 3e8c8604f270360d6228caf7bebac100403c5038 26848 opensaml2-tools_2.4.3-1_i386.deb
 27f787f603f0b8a3cf8be433091467fe459a44b7 30394 opensaml2-schemas_2.4.3-1_all.deb
 c9c7d41df03033a309f297c4d8af462e4a210b69 2314488 libsaml2-doc_2.4.3-1_all.deb
Checksums-Sha256: 
 01489352a6f85ed1126651db52bd88f3840ff5d59f897b3347d5b37a5485206e 1817 opensaml2_2.4.3-1.dsc
 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539 871693 opensaml2_2.4.3.orig.tar.gz
 5d3072a6bb6b4cb5bee32fd251676905f83f28d652ca149e2d9088f7e9c45f0e 8343 opensaml2_2.4.3-1.debian.tar.gz
 9c3eb76b519f91e72f96fc491ff8c2361a1d89af3449a6068eef51fb465b952d 1361596 libsaml7_2.4.3-1_i386.deb
 78f370b6218e41c7bcc631d3cd6ca8e6a7c59ad4676e6ab28bb674d8b177e741 51150 libsaml2-dev_2.4.3-1_i386.deb
 71327d1853421264a40c602b567e97a8934ae6c24ba793fe4cfc523596d27fdd 26848 opensaml2-tools_2.4.3-1_i386.deb
 a6a581ff66e9d9a0527b94c6dc60c19082602b05780107fb7d0dfc0bc3dd0338 30394 opensaml2-schemas_2.4.3-1_all.deb
 80779023c9e035941d3a9d4934d23796341e239d5f4348270b6ed6a87bcd29da 2314488 libsaml2-doc_2.4.3-1_all.deb
Files: 
 7fcff61e1900f71899bd14009433e1d1 1817 libs extra opensaml2_2.4.3-1.dsc
 368361d56992afafbc6f8190a77ffd53 871693 libs extra opensaml2_2.4.3.orig.tar.gz
 96cec54a8d31a2608b0a649da0dde322 8343 libs extra opensaml2_2.4.3-1.debian.tar.gz
 206d792cfb5c5a393d0f952aafdb9b37 1361596 libs extra libsaml7_2.4.3-1_i386.deb
 6bb636b6f18594e545c512eac5f59dcb 51150 libdevel extra libsaml2-dev_2.4.3-1_i386.deb
 4018c666d8f4a7fb3742a319afaa4719 26848 text extra opensaml2-tools_2.4.3-1_i386.deb
 ab984acb02566a7e84d9b86e104572f3 30394 text extra opensaml2-schemas_2.4.3-1_all.deb
 74a59be868c921b851d9819d298f174e 2314488 doc extra libsaml2-doc_2.4.3-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJOLdTgAAoJEH2AMVxXNt51F2gIAIwbSSbDi7geUCudFUxCJGP/
Vu2FkrJEFWFcWCcnLxSF7hfok2PRlF1Xvmw8aCr8Z8r0OT779vsvUTr0vkZUmbn8
+n8FzW9nbBpxYW1xFua84hGSd+FzHv4fDMR0Fo5nP9HMXlS9fswwq/JslhroGQ1u
gtj1DqH7ww4R5R5r1tL037EiSln3F665F1ulm4qs0cJWyhLcLe2S/0kv9sYyw3v+
KNi/SYLKQlR3ZC6PQRjTuWY98bnUjj/fu8TwNFPN9milNLLDiRK8HhQasIZc+myw
JpN1kfn9IahvMWAiDEwvJ61OIVMkhabhaTMzdAIf/UH53RdjBEeAIabmY/fqhoo=
=xoBJ
-----END PGP SIGNATURE-----
Accepted:
libsaml2-dev_2.4.3-1_i386.deb
  to main/o/opensaml2/libsaml2-dev_2.4.3-1_i386.deb
libsaml2-doc_2.4.3-1_all.deb
  to main/o/opensaml2/libsaml2-doc_2.4.3-1_all.deb
libsaml7_2.4.3-1_i386.deb
  to main/o/opensaml2/libsaml7_2.4.3-1_i386.deb
opensaml2-schemas_2.4.3-1_all.deb
  to main/o/opensaml2/opensaml2-schemas_2.4.3-1_all.deb
opensaml2-tools_2.4.3-1_i386.deb
  to main/o/opensaml2/opensaml2-tools_2.4.3-1_i386.deb
opensaml2_2.4.3-1.debian.tar.gz
  to main/o/opensaml2/opensaml2_2.4.3-1.debian.tar.gz
opensaml2_2.4.3-1.dsc
  to main/o/opensaml2/opensaml2_2.4.3-1.dsc
opensaml2_2.4.3.orig.tar.gz
  to main/o/opensaml2/opensaml2_2.4.3.orig.tar.gz