1
shibboleth-sp (1.3.1.dfsg1-3+lenny1build0.9.04.2) jaunty-security; urgency=low
3
* fix FTBFS by backporting fixes from 1.3.1.dfsg1-4:
4
- Adjust autoreconf calling method so that Autoconf 2.63 will install
5
supporting files. (Closes: #533931)
6
- Remove additional libtool M4 files on debian/rules clean.
8
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 06 Oct 2009 15:42:18 -0500
10
shibboleth-sp (1.3.1.dfsg1-3+lenny1build0.9.04.1) jaunty-security; urgency=low
12
* fake sync from Debian
14
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 06 Oct 2009 13:21:02 -0500
16
shibboleth-sp (1.3.1.dfsg1-3+lenny1) stable-security; urgency=high
18
* SECURITY: Correctly handle decoding of malformed URLs, closing a
19
possibly exploitable buffer overflow.
20
See <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
21
* SECURITY: Certificate subject names were incorrectly matched against
22
trusted "key names" when they contained nul characters. This affects
23
only Shibboleth deployments relying on the "PKIX" style of trust
24
validation, used in the absence of explicit certificate information in
25
the SAML metadata provided to the SP and reliance on certificate
26
authorities found in the <KeyAuthority> metadata extension element.
27
See <http://shibboleth.internet2.edu/secadv/secadv_20090817.txt>
29
-- Russ Allbery <rra@debian.org> Thu, 24 Sep 2009 20:27:16 -0700
1
31
shibboleth-sp (1.3.1.dfsg1-3) unstable; urgency=low
3
33
* Unlink the correct Apache configuration on package removal.