-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2017 20:24:54 +0100 Source: shibboleth-sp2 Binary: libapache2-mod-shib2 libshibsp5 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas Architecture: source amd64 all Version: 2.4.3+dfsg-5+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libapache2-mod-shib2 - Federated web single sign-on system (Apache module) libshibsp-dev - Federated web single sign-on system (development) libshibsp-doc - Federated web single sign-on system (API docs) libshibsp5 - Federated web single sign-on system (runtime) shibboleth-sp2-schemas - Federated web single sign-on system (schemas) Changes: shibboleth-sp2 (2.4.3+dfsg-5+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-16852: Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. Checksums-Sha1: bdcacf7b27fadb889abb74c0d0bbfcedf08c0ab1 2747 shibboleth-sp2_2.4.3+dfsg-5+deb7u2.dsc f49ad68c10ea08b54abe9df2280900f732b207ac 25578 shibboleth-sp2_2.4.3+dfsg-5+deb7u2.debian.tar.gz e27d0951b5acd5c13154677b2938d3012d9bed80 267366 libapache2-mod-shib2_2.4.3+dfsg-5+deb7u2_amd64.deb cd069eb1437272510a5e79b01da83a6276c6b947 1066734 libshibsp5_2.4.3+dfsg-5+deb7u2_amd64.deb c4b9f7d1ccaeec978aa4d111823917c831a0ac1a 51662 libshibsp-dev_2.4.3+dfsg-5+deb7u2_amd64.deb bf16eaa69ede13bf2c904cb7ee2ddb4f34938074 2716676 libshibsp-doc_2.4.3+dfsg-5+deb7u2_all.deb bf1b0f3e7a088ab53a422ff084ba1b8532170a67 23456 shibboleth-sp2-schemas_2.4.3+dfsg-5+deb7u2_all.deb Checksums-Sha256: a1eb58b1ac0081648dee988b86d75d5d45f58050e43b7e8bc3247aa2fa1ad450 2747 shibboleth-sp2_2.4.3+dfsg-5+deb7u2.dsc ea1905765d364fd07662b66993c8e569106295c3d0ba3a4841660d5d30da0353 25578 shibboleth-sp2_2.4.3+dfsg-5+deb7u2.debian.tar.gz 0220efdddf51852003fc364fa539ff23f1eff5b5c3268c4cf05c822ea7349bb1 267366 libapache2-mod-shib2_2.4.3+dfsg-5+deb7u2_amd64.deb f62ef9cbf7f0ae5c83196a32e0853dbb2aa5fd6c08adfae5b0e589f3fb64af65 1066734 libshibsp5_2.4.3+dfsg-5+deb7u2_amd64.deb 20c5beef90584ee84102eec5af6dc6e897fe37d1d3fca502673402947162462f 51662 libshibsp-dev_2.4.3+dfsg-5+deb7u2_amd64.deb 42ea444dbbaf2caaa7d9507c3dff3d20710800a1249a53a3383afa2e161aa6bd 2716676 libshibsp-doc_2.4.3+dfsg-5+deb7u2_all.deb d035a3edb2e417cce8e9daaf4f21a7da2e73dc7aad2e462775912a328773cc5f 23456 shibboleth-sp2-schemas_2.4.3+dfsg-5+deb7u2_all.deb Files: 041fbb1b1350522ebd241f349a0f696c 2747 web extra shibboleth-sp2_2.4.3+dfsg-5+deb7u2.dsc ac5f9becbe0b51229b2780f4a3a079d3 25578 web extra shibboleth-sp2_2.4.3+dfsg-5+deb7u2.debian.tar.gz 198555953983b18e4c74926690ced2ba 267366 httpd extra libapache2-mod-shib2_2.4.3+dfsg-5+deb7u2_amd64.deb d3793ec4b457f11ae7c01927f2bdae69 1066734 libs extra libshibsp5_2.4.3+dfsg-5+deb7u2_amd64.deb e83006fe3aa2f68ea07dcccb3ec18875 51662 libdevel extra libshibsp-dev_2.4.3+dfsg-5+deb7u2_amd64.deb dfe2300e7d9ca3e2354f090d98ccc592 2716676 doc extra libshibsp-doc_2.4.3+dfsg-5+deb7u2_all.deb d94eea92cb6cb83b978ce07eef4ccd06 23456 text extra shibboleth-sp2-schemas_2.4.3+dfsg-5+deb7u2_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloQjFBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkwjUQAK2SHTE8tTavJbpmAlCZVY+aa6u10rmIq+Qp kdyP7fo7kVn6mlBQxfbxyd3iPqxnMHwhi5EjLTm/ucWlWiY0M8Fi01BbT4Yl2eyD iRP4LR69aqvsvcr/mSR6xZxvT3B+7pQlHZFfUuuxD/FTs79wsdik/e2ks+ZHktBB lwoS9AHduMykecP58p8QMBX/MqORlViBPq2elHbUfreP6MegcXuBQJ6cNGZCdQ3v sHF9hck+uzJY7IzewFKeSEcMn7+RIrBwSkgBmjVB1TxENrCOxKaree7JkVFUSDH1 2VqJjKEbkDSODkJzg2n01DDIwV5S/OibV1KMd8/cyFnGdOXybJsbCF3xUFGSoQHm OdQpTpaRa0OZfs/k5ufCXeJBCLMrQnHQX3rxEDJicnpgT7vf/trJjGYj5BIedBQN +LUcVszF90860wMbd2nsIdGgA2Fg/Osf+KG6yQYBr+XZ/9HaAalNWhGB8UzS26oX iHyV+2ynXGdhSV9i3nIvBaoU2f8Qc80Iw3hwH5iQDBlm+rkpvOE39VuPstpJ9wcq za+moyXxLpOgcdaeDPX9ImwWBAp05zYZ2ha8v6yklleeZaZqhNd4v2sMsub4ZAUb 2T6ZZjvFEG+v63XogmcZhMmzaJ8f4w2ZVo2sI+mwxqgdwfVbUNlRAu5HmDB4kw7O nOIl90Oj =1a+Q -----END PGP SIGNATURE-----