-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 22 Jul 2011 19:07:07 -0700 Source: opensaml2 Binary: libsaml6 libsaml2-dev opensaml2-tools opensaml2-schemas libsaml2-doc Architecture: powerpc Version: 2.3-2+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: powerpc Build Daemon (poulenc) Changed-By: Russ Allbery Description: libsaml2-dev - Security Assertion Markup Language library (development) libsaml2-doc - Security Assertion Markup Language library (API docs) libsaml6 - Security Assertion Markup Language library (runtime) opensaml2-schemas - Security Assertion Markup Language library (XML schemas) opensaml2-tools - Security Assertion Markup Language command-line tools Changes: opensaml2 (2.3-2+squeeze1) stable-security; urgency=high . * SECURITY: Fix vulnerability to a "wrapping attack" that could allow a remote, unauthenticated attacker to craft messages that can be successfully verified but contain arbitrary content. This may allow an attacker to subvert the security of software using OpenSAML and supply an unauthenticated login identity and data under the guise of a trusted issuer. (CVE-2011-1411) Checksums-Sha1: 935e2f85d879898835f7bba30b4d590bbe403949 1403712 libsaml6_2.3-2+squeeze1_powerpc.deb 703d06eee179f37a5b2249f03cc1e26b84b9bb0b 48062 libsaml2-dev_2.3-2+squeeze1_powerpc.deb b632a2742ff98f2b42c895a1d432c66bb3b2aa3e 26566 opensaml2-tools_2.3-2+squeeze1_powerpc.deb Checksums-Sha256: 4868b5c695f4664b6eda7e43a0827b1842ed4fd024d2b12f552ae950901de5de 1403712 libsaml6_2.3-2+squeeze1_powerpc.deb c4c57eada9530e64e01dda266c9d2e1bd51bb67c5fb01d72d8eac5d17e7abbd0 48062 libsaml2-dev_2.3-2+squeeze1_powerpc.deb 629c56b806c0b126d9cbb90c735475ce7b7f1b93afb1951ed325e4d3b35f56f3 26566 opensaml2-tools_2.3-2+squeeze1_powerpc.deb Files: fe0987bd1cd2a841e8846baa43869cdb 1403712 libs extra libsaml6_2.3-2+squeeze1_powerpc.deb aa4fab94a42d37c1bd57e436b0eed08a 48062 libdevel extra libsaml2-dev_2.3-2+squeeze1_powerpc.deb e4888c7ec59eaec2fd89c9937926e2cd 26566 text extra opensaml2-tools_2.3-2+squeeze1_powerpc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOzV6UAAoJEAEba0y9vvHNZHAQAKtGW3IRAlo9ksov7w94r5sU 8NW+tz4WXiRDDhDVRpwf3rPDMPZa9Dg83whkETvEjiYnG31JEyDpJN+QS6JPAT5C A1hF/g/0DdMDD6fSeXLH/NG1KlYrMXWijo8Z0kVTBB7qqqKq/GNwhpOFA9/PdRVe dYdKhiIiir+uMvdhsBc3VrWJ0oVZmopqxjY30pwbUzLLhtm9OL7HlycDOJAFLcOd Ca8LE3P7pcNAvxMQ1gJnEIlKDTUI9IplbUJ29YvOWBTMRVigpRmsdD5ZFUBSiUC1 QlC0ZXBBVGR9hIm8DLAJQs0tDFVLBQPcT7A8REeC5jjoaNq7qyfAeZYpgyu4WnQ5 ncOb6IrA16y4x+dxOmBxomg/ndf4RCglu3npWwP8kqcFGIuQdCXtaDKoKWgnu+U9 92Sr89mcWYAjinkIX+2A5gyTUXQrK7wcq3Ielnarj6OTEnW1EbhxBscbkz5Mzcwa +KNMBi7If9L7tY+tXVVnJhS3Nwr53L/ZGCnEVXV9dMzdGWRyNw9NnOedlaSjxTOB oULESaPpmB3HY7MUVY/pe6RUxQVj5Tmkfetsf6fzV0boSBttzQZnZZoYS3S2XcB9 EmcfEjfpBWHjn28B4VPQOr+6MZEqXB3UquOdNiC9pdKtwE6odugT/N9QpqwIaRSj bGHFW78OEimy9qBzsLMe =FylQ -----END PGP SIGNATURE-----