Format: 1.8
Date: Fri, 22 Jul 2011 19:07:07 -0700
Source: opensaml2
Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc
Architecture: mips
Version: 2.3-2+squeeze1
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Build Daemon
Changed-By: Russ Allbery
Description:
 libsaml2-dev - Security Assertion Markup Language library (development)
 libsaml2-doc - Security Assertion Markup Language library (API docs)
 libsaml6   - Security Assertion Markup Language library (runtime)
 opensaml2-schemas - Security Assertion Markup Language library (XML schemas)
 opensaml2-tools - Security Assertion Markup Language command-line tools
Changes:
 opensaml2 (2.3-2+squeeze1) stable-security; urgency=high
 .
   * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
     remote, unauthenticated attacker to craft messages that can be
     successfully verified but contain arbitrary content. This may allow
     an attacker to subvert the security of software using OpenSAML and
     supply an unauthenticated login identity and data under the guise of
     a trusted issuer. (CVE-2011-1411)
Checksums-Sha1:
 f07f85d0e9dfbf55dda9ada7d700ebf69ba6617b 1258320 libsaml6_2.3-2+squeeze1_mips.deb
 0037eaa01759dd5fbcd6ff78822f9514f696d8e4 48326 libsaml2-dev_2.3-2+squeeze1_mips.deb
 939e3e77143f8b231ab23b6bc0395e900d3a1d1e 25016 opensaml2-tools_2.3-2+squeeze1_mips.deb
Checksums-Sha256:
 258e8bb9add557f147cba10d834af14c7a86f0a7cbf7fb51a9e45a4ed3cabb2a 1258320 libsaml6_2.3-2+squeeze1_mips.deb
 6fbd9670a1311c686b8da742781827469cbd64311ac83a93b68bb032494e1344 48326 libsaml2-dev_2.3-2+squeeze1_mips.deb
 2cdd73d16b2a926cfabdcc675c69aefb21a4a1eb9bc4d6767ba20aac72761df0 25016 opensaml2-tools_2.3-2+squeeze1_mips.deb
Files:
 f44400aa0fb7c25c8ecc0fc619d42edb 1258320 libs extra libsaml6_2.3-2+squeeze1_mips.deb
 1ec3274cd81ce32f9ad3e352f304b7f4 48326 libdevel extra libsaml2-dev_2.3-2+squeeze1_mips.deb
 ac377e1fc3ad2d5ffc9ae6cc19a5362a 25016 text extra opensaml2-tools_2.3-2+squeeze1_mips.deb