libopensaml2-java: CVE-2014-3603

Related Vulnerabilities: CVE-2014-3603  

Debian Bug report logs - #759470
libopensaml2-java: CVE-2014-3603


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 27 Aug 2014 11:27:02 UTC

Severity: grave

Tags: security

Fixed in version libopensaml2-java/2.6.2-1

Done: tony mancill <tmancill@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#759470; Package libopensaml2-java. (Wed, 27 Aug 2014 11:27:07 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 27 Aug 2014 11:27:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libopensaml2-java: CVE-2014-3603
Date: Wed, 27 Aug 2014 13:07:48 +0200
Package: libopensaml2-java
Severity: grave
Tags: security
Justification: user security hole

Please see http://shibboleth.net/community/advisories/secadv_20140813.txt

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#759470; Package libopensaml2-java. (Thu, 28 Aug 2014 01:27:05 GMT)


Acknowledgement sent to tony mancill <tmancill@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 28 Aug 2014 01:27:05 GMT)


Message #10 received at 759470@bugs.debian.org:

From: tony mancill <tmancill@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 759470@bugs.debian.org
Subject: Re: Bug#759470: libopensaml2-java: CVE-2014-3603
Date: Wed, 27 Aug 2014 18:22:39 -0700
On 08/27/2014 04:07 AM, Moritz Muehlenhoff wrote:
> Package: libopensaml2-java
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Please see http://shibboleth.net/community/advisories/secadv_20140813.txt

Hi Moritz - thank you for the bug report.

I have prepared an upload of 2.6.2, which is the recommended version at
the shibboleth.net site.  I'll coordinate an upload once I talk to
Matthew Vernon.

Cheers,
tony



Reply sent to tony mancill <tmancill@debian.org>:
You have taken responsibility. (Thu, 28 Aug 2014 21:12:19 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 28 Aug 2014 21:12:19 GMT)


Message #15 received at 759470-close@bugs.debian.org:

From: tony mancill <tmancill@debian.org>
To: 759470-close@bugs.debian.org
Subject: Bug#759470: fixed in libopensaml2-java 2.6.2-1
Date: Thu, 28 Aug 2014 21:08:51 +0000
Source: libopensaml2-java
Source-Version: 2.6.2-1

We believe that the bug you reported is fixed in the latest version of
libopensaml2-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 759470@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmancill@debian.org> (supplier of updated libopensaml2-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Aug 2014 13:21:20 -0700
Source: libopensaml2-java
Binary: libopensaml2-java libopensaml2-java-doc
Architecture: source all
Version: 2.6.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmancill@debian.org>
Description:
 libopensaml2-java - OpenSAML-J
 libopensaml2-java-doc - Documentation for OpenSAML-J
Closes: 759470
Changes:
 libopensaml2-java (2.6.2-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream release to address CVE-2014-3603. (Closes: #759470)
   * Add debian/watch and debian/orig-tar.sh script.
   * Add build-deps on libmaven-javadoc-plugin-java and
     libjcip-annotations-java.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 26 Sep 2014 07:34:31 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:31:30 2019; Machine Name: beach
