Format: 1.8
Date: Fri, 22 Jul 2011 19:07:07 -0700
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: ia64
Version: 2.3-2+squeeze1
Distribution: squeeze-security
Urgency: high
Maintainer: ia64 Build Daemon (mundy)
Changed-By: Russ Allbery
Description:
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.3-2+squeeze1) stable-security; urgency=high
 .
   * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
     remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content.  This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of
     a trusted issuer.  (CVE-2011-1411)
Checksums-Sha1:
 0dd8e8ab3522d40ec59b411f7b2221fb3c6e3291 1612980 libsaml6_2.3-2+squeeze1_ia64.deb
 46a652be69a0e2cdfcf7f8c5040ad5d9da99bb7e 47968 libsaml2-dev_2.3-2+squeeze1_ia64.deb
 4d3e148eea2878b4bfb83ad879037945cc1e8af4 30840 opensaml2-tools_2.3-2+squeeze1_ia64.deb
Checksums-Sha256:
 f7f6a2a8b1729232e6462360822820d33b1a5faecff0c23a1047dee7a11971a5 1612980 libsaml6_2.3-2+squeeze1_ia64.deb
 cef92df025bc73bfb1941f4cc21df4255480286412b487ef28fe9396d0ea2491 47968 libsaml2-dev_2.3-2+squeeze1_ia64.deb
 b94174a21ae585c7f630d2177115b6dfac8eee5f9374d9b2cc83bfd5ab8aa700 30840 opensaml2-tools_2.3-2+squeeze1_ia64.deb
Files:
 dd89fd63d024768a7424343ae9721924 1612980 libs extra libsaml6_2.3-2+squeeze1_ia64.deb
 f726465106d7e72c4dad4daf47f93094 47968 libdevel extra libsaml2-dev_2.3-2+squeeze1_ia64.deb
 b0ff6f61a9ffa40bd6c4f0bba92f2f9a 30840 text extra opensaml2-tools_2.3-2+squeeze1_ia64.deb