Format: 1.8
Date: Fri, 22 Jul 2011 19:07:07 -0700
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: armel
Version: 2.3-2+squeeze1
Distribution: squeeze-security
Urgency: high
Maintainer: armel Build Daemon (arnold)
Changed-By: Russ Allbery
Description:
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.3-2+squeeze1) stable-security; urgency=high
 .
   * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
     remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content.  This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of
     a trusted issuer.  (CVE-2011-1411)
Checksums-Sha1:
 b37aa657ebbfe7fbf984856e4e2cb8904fd1fa49 1147938 libsaml6_2.3-2+squeeze1_armel.deb
 c0100f4b4ecc246454de553342f762dfe4c985e4 47796 libsaml2-dev_2.3-2+squeeze1_armel.deb
 6c85bb59175f3ebfae0d38677f26e25911a15873 25154 opensaml2-tools_2.3-2+squeeze1_armel.deb
Checksums-Sha256:
 f1e119491ec311184a6876743fa33ac104864dda568561fbb0e41e1dbbaeba3f 1147938 libsaml6_2.3-2+squeeze1_armel.deb
 a25bce9ec8feb9b913b92af0cf7206c8108fbc5e635d329aaf15b942e8ead5ab 47796 libsaml2-dev_2.3-2+squeeze1_armel.deb
 5c04492ae0bf1248318aa7d28c0e07b8c57bd231b54e44e136f6af2f648901e3 25154 opensaml2-tools_2.3-2+squeeze1_armel.deb
Files:
 04a6d50e5c27461e97c1a3a48ceaebdb 1147938 libs extra libsaml6_2.3-2+squeeze1_armel.deb
 f698fbbac9acb9ce80181234f7897bcf 47796 libdevel extra libsaml2-dev_2.3-2+squeeze1_armel.deb
 09e6235fd3490e9d51a3d36b01829841 25154 text extra opensaml2-tools_2.3-2+squeeze1_armel.deb