-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2017 20:07:17 +0100 Source: opensaml2 Binary: libsaml7 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc Architecture: source amd64 all Version: 2.4.3-4+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libsaml2-dev - Security Assertion Markup Language library (development) libsaml2-doc - Security Assertion Markup Language library (API docs) libsaml7 - Security Assertion Markup Language library (runtime) opensaml2-schemas - Security Assertion Markup Language library (XML schemas) opensaml2-tools - Security Assertion Markup Language command-line tools Changes: opensaml2 (2.4.3-4+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-16853: Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. Checksums-Sha1: 296dd1275af86fceb6f34a7a23f1d4ab43940ae1 2506 opensaml2_2.4.3-4+deb7u2.dsc 41f00d2e60f704ed767c95a198a313abf3dfefcc 10495 opensaml2_2.4.3-4+deb7u2.debian.tar.gz dc34e9595ba8bf66ccb180ef42558887b2ba1d82 1450094 libsaml7_2.4.3-4+deb7u2_amd64.deb 15891a9b77cc7bc491d63dd633f716b361680308 51982 libsaml2-dev_2.4.3-4+deb7u2_amd64.deb 8fecf4388257a1b0945b6c275f093f9380e99619 29496 opensaml2-tools_2.4.3-4+deb7u2_amd64.deb ec17570261cb53eef6efa4482539ef1031abd46c 30768 opensaml2-schemas_2.4.3-4+deb7u2_all.deb 936f46ac30e93973256f61a6f1ea3cda4f69a0a8 2298548 libsaml2-doc_2.4.3-4+deb7u2_all.deb Checksums-Sha256: f9926a266b1b5adede2153a383840063690ce021f55b1271ae95f58c4bbe9846 2506 opensaml2_2.4.3-4+deb7u2.dsc dc425a3bdb546e1a9a46d185244eb040ed4e89568539f900b1e4aa684d788c3c 10495 opensaml2_2.4.3-4+deb7u2.debian.tar.gz 0c8e5817acc30e11c53809d361969a690adc2f085b478579dccdd7bffaf85b20 1450094 libsaml7_2.4.3-4+deb7u2_amd64.deb 287994a375cb6de246a2870bbd8dab663845639acbaa3dc29d8b0c79c3d3bf05 51982 libsaml2-dev_2.4.3-4+deb7u2_amd64.deb 9fbfd841a8bc838bf5d25e9912556f40bc2db68f9d1aed1e36ee31c614dd7117 29496 opensaml2-tools_2.4.3-4+deb7u2_amd64.deb 37719d81bf24349cf4b5f4d271570131a1429cbb7b7c5ca46da9a997b6ee75ac 30768 opensaml2-schemas_2.4.3-4+deb7u2_all.deb f2487b8ecff9d01310fb1cb0a0a9479819032e1fc27e196c6982393604688cf7 2298548 libsaml2-doc_2.4.3-4+deb7u2_all.deb Files: af9bb1529633b651250b994541220d0f 2506 libs extra opensaml2_2.4.3-4+deb7u2.dsc a5125fdf649b41726443fc3f3f84083f 10495 libs extra opensaml2_2.4.3-4+deb7u2.debian.tar.gz 98549c1aa99095e4835e22c85e9e7a18 1450094 libs extra libsaml7_2.4.3-4+deb7u2_amd64.deb 3102dd85985943c09bc19bb3fffed9fa 51982 libdevel extra libsaml2-dev_2.4.3-4+deb7u2_amd64.deb 86de34def16dfa3124fa2c3458cc5694 29496 text extra opensaml2-tools_2.4.3-4+deb7u2_amd64.deb 9dc6ff9aa3c04325632b2e83ae0ea950 30768 text extra opensaml2-schemas_2.4.3-4+deb7u2_all.deb 28ba11671c1cfef4485879ff506b0ad9 2298548 doc extra libsaml2-doc_2.4.3-4+deb7u2_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloQi5VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk3n0P/iDenysEUDHrevJmueyBNQzZODAKAaYb8JQb rO9Dc2hBBxSrVexTamF3UP7TSRmq5E39ZCJQLk/vM4LCXkHF4Yp3SIyhZ9bEG3ez gz/htHwkIdt+jGAznppx12JUP+tCHbVKInhXSSSYnYPPOz5uY/H2LSLEoMpeHBbM eJXOsfNHlheLiztpAohp4uIw2KK6bBSFgfMBDJYyN8t4UEVu5YUjqolr8k2cxP9+ hUpIEbPNWCTGyEsLieZJjqJpQ5vNoj7eWaaA7tW+RMDeGaNXjh9IfY0ySZRrMc+5 hYu5xSQ+otyuiO5p2GaQ7UkL4fKIEnFPfcNFs/erPS5EcXi30oMq9+PYd8QG9+dF hJcqOEpKgFLjoLyEy6XEEi1058bpv9SKaYg3MtTiidDTvZ3jph87N/4Qnp2PiKAa 4yYw3QdPHyWeEPTkucq1PKs5VyXG5SVHJFfTBm8RxjZed+DGnoFy/xJIKKbyF02R T5RHaUHVjrGy52e3guHn1gc/k1IuucslM3VNMtuUNkNVinVP3nIXv9Uafk8PYinY AkA25/p2AP+3VuvUurpwRm08D8lsDQQll0ZM+N5WlVLMzcHikP4PGtdASzGbT2Sn YwKVHDh0nbfG7RHJ9gCvfctKitpn4BT4MssOcpgvdEDIAdVCnKmFUtDgZCFwZjYI wLdPD9s4 =mpe0 -----END PGP SIGNATURE-----
