-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 24 Sep 2009 20:27:16 -0700
Source: shibboleth-sp
Binary: libshib-dev libshib6 libshib-target5 libapache2-mod-shib
Architecture: source i386
Version: 1.3.1.dfsg1-3+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 libapache2-mod-shib - Federated web single sign-on system (Apache module)
 libshib-dev - Federated web single sign-on system (development)
 libshib-target5 - Federated web single sign-on system (target runtime)
 libshib6   - Federated web single sign-on system (runtime)
Changes:
 shibboleth-sp (1.3.1.dfsg1-3+lenny1) stable-security; urgency=high
 .
   * SECURITY: Correctly handle decoding of malformed URLs, closing a
     possibly exploitable buffer overflow.  See
     <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
   * SECURITY: Certificate subject names were incorrectly matched
     against trusted "key names" when they contained nul characters.
     This affects only Shibboleth deployments relying on the "PKIX"
     style of trust validation, used in the absence of explicit
     certificate information in the SAML metadata provided to the SP
     and reliance on certificate authorities found in the
     <KeyAuthority> metadata extension element.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090817.txt>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkq+nb0ACgkQ+YXjQAr8dHbvhQCgpw4wzgHCbhI4cS5HpWlZQZZe
d2oAoMSxfYCp9DPxG+dpjxOeLwG2yKkd
=+uTm
-----END PGP SIGNATURE-----

Accepted:
libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_i386.deb
  to pool/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_i386.deb
libshib-dev_1.3.1.dfsg1-3+lenny1_i386.deb
  to pool/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_i386.deb
libshib-target5_1.3.1.dfsg1-3+lenny1_i386.deb
  to pool/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_i386.deb
libshib6_1.3.1.dfsg1-3+lenny1_i386.deb
  to pool/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_i386.deb
shibboleth-sp_1.3.1.dfsg1-3+lenny1.diff.gz
  to pool/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny1.diff.gz
shibboleth-sp_1.3.1.dfsg1-3+lenny1.dsc
  to pool/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny1.dsc