-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 12 Nov 2009 11:17:33 -0800
Source: shibboleth-sp
Binary: libshib-dev libshib6 libshib-target5 libapache2-mod-shib
Architecture: source i386
Version: 1.3.1.dfsg1-3+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
libapache2-mod-shib - Federated web single sign-on system (Apache module)
libshib-dev - Federated web single sign-on system (development)
libshib-target5 - Federated web single sign-on system (target runtime)
libshib6 - Federated web single sign-on system (runtime)
Changes:
shibboleth-sp (1.3.1.dfsg1-3+lenny2) stable-security; urgency=high
.
* SECURITY: Fix improper handling of URLs that could be abused for
script injection and other cross-site scripting attacks.
(CVE-2009-3300)
* Fix build dependency to force libxml-security-c-dev 1.3 or later.
This is not strictly required for lenny since lenny shipped with 1.4,
but helps backports to etch.
Checksums-Sha1:
110a03721e58b596329d7e271a1a62cd0afa642e 1601 shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
af646435b680571aebd3cd42abaa326553608554 34141 shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
714dc700bb72f141cb7da6cd803e50ff2cb9ae80 424062 libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
979ae57fcfc52f45fcce1ddde8b5553396be9e66 78690 libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
98d7d026d3ffc60ed8187adbd99085f899f76092 199976 libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
9c431542a59007308a0a58efdaa8bd59407038f8 3517742 libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
Checksums-Sha256:
6488f1d3a6221a1a8ad01212cd1067a8a9b85a1dd43efa4c09608ed9aaac7b4a 1601 shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
4d0e5b3e3c3b46af6db7af5fbb41ab9147c1b8e1a8fac636336e17b7731f9894 34141 shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
7626c54b1ca99625cb4a343a5164470dc49be245c5c5f1ce61be3cd83c11e506 424062 libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
63e5733d7661bdadf635984eec6592785a3ec6ffed1ac36f99154cdba05f28f0 78690 libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
272315311fce23f377bf8c3491776124bce09b2c632f4186726c64b147aebafe 199976 libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
fd697a083a4c5f10afcc44b47ef9832a2aeade299b9e4addee9dbb15bcf777a6 3517742 libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
Files:
b7d6efd2896e7e3cee6463c14c23b122 1601 web optional shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
89b96ed5094e36c9da588f2fe0c815d9 34141 web optional shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
813d3d51730c919ce8cce2619e8cb7a4 424062 libdevel extra libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
03c98f8a8ab9c46c51211cf03477a596 78690 libs optional libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
baa7d28e34b5fde83cc018b5a5d4c15a 199976 libs optional libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
7a113810a43f06c3d6a3c5dab6e07016 3517742 web optional libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksXRoEACgkQ+YXjQAr8dHarfwCgmRdt4qYpInWoeqBkaaxCwJDO
kWcAoLDnZb0gWNztx+PiR4TxzeswNcyx
=CUkj
-----END PGP SIGNATURE-----
Accepted:
libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
to main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
to main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
to main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
to main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
to main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
to main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
