Format: 1.8
Date: Thu, 27 Oct 2011 14:19:20 +0200
Source: simplesamlphp
Binary: simplesamlphp
Architecture: source all
Version: 1.8.1-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 simplesamlphp - Authentication and federation application supporting several prot
Changes:
 simplesamlphp (1.8.1-1) unstable; urgency=high
 .
   * New upstream release. Fixes security issues:
     - It may be possible to use an SP as an oracle to decrypt encrypted
       messages sent to that SP. This is the attack described in the paper
       "How to break XML encryption":
       http://dx.doi.org/10.1145/2046707.2046756
     - It may be possible to use the SP as a key oracle which can be used
       to forge messages from that SP by issuing 300000-2000000 queries to
       the SP. This mainly affects SPs that use signed authentication
       requests. The attack is described in "Chosen Ciphertext Attacks
       Against Protocols Based on the RSA Encryption Standard PKCS #1.":
       http://www.iacr.org/cryptodb/data/paper.php?pubkey=1037

Accepted:
simplesamlphp_1.8.1-1.debian.tar.gz
  to main/s/simplesamlphp/simplesamlphp_1.8.1-1.debian.tar.gz
simplesamlphp_1.8.1-1.dsc
  to main/s/simplesamlphp/simplesamlphp_1.8.1-1.dsc
simplesamlphp_1.8.1-1_all.deb
  to main/s/simplesamlphp/simplesamlphp_1.8.1-1_all.deb
simplesamlphp_1.8.1.orig.tar.gz
  to main/s/simplesamlphp/simplesamlphp_1.8.1.orig.tar.gz