• Accepted shibboleth-sp 3.0.4+dfsg1-1+deb10u2 (source) into proposed-upd

    From Debian FTP Masters@21:1/5 to All on Fri Apr 30 18:50:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Mon, 26 Apr 2021 15:37:15 +0200
    Source: shibboleth-sp
    Architecture: source
    Version: 3.0.4+dfsg1-1+deb10u2
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
    Changed-By: Ferenc Wágner <wferi@debian.org>
    Closes: 987608
    Changes:
    shibboleth-sp (3.0.4+dfsg1-1+deb10u2) buster-security; urgency=high
    .
    * [2dd45b3] New patch: SSPCPP-927 - Check for missing DataSealer during
    cookie recovery.
    Fix a denial of service vulnerability: Session recovery feature contains
    a null pointer dereference
    The cookie-based session recovery feature added in V3.0 contains a
    flaw that is exploitable on systems *not* using the feature if a
    specially crafted cookie is supplied.
    This manifests as a crash in the shibd daemon.
    Because it is very simple to trigger this condition remotely, it
    results in a potential denial of service condition exploitable by
    a remote, unauthenticated attacker.
    Thanks to Scott Cantor (Closes: #987608)
    Checksums-Sha1:
    aa91efd3b9c6f26b0ad95dfae340a49f41e8923c 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
    936ea173fc1b0c9998f657b897650b9f7fdd84d1 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
    d74e5e9b65ef48c88c4294cf5a0d0ece4da1667c 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
    Checksums-Sha256:
    82ce3e5b624c34754807c76a70fc5549dc535e9c5d01af396b76966d9f9cf39d 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
    01a3257b10e940430af70754daeccc29c08c091ae04a1fd519ff67cefb83b878 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
    74fdf85b4918fd5867fc5c858dd13c222327ca9dda34ed8901c1187ff07c0d56 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
    Files:
    f74cbb538977ef3921821dd62ca772df 3034 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
    2cf9a7879a9838f4cdf8f0d023e957c4 79896 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
    22afb3d6e117204e01b703a96a5750d2 14116 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)