Bug 22047

Summary: opensaml new security issue CVE-2017-16853
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED WONTFIX QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=22046
Whiteboard:
Source RPM: opensaml-2.5.2-6.1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-11-17 16:53:15 CET 
Debian has issued an advisory on November 16:
https://www.debian.org/security/2017/dsa-4039

Corresponding upstream advisory from November 15:
https://shibboleth.net/community/advisories/secadv_20171115.txt

The issue is fixed upstream in 2.6.1, and a patch can be obtained from upstream git or from Debian.
David Walser 2017-11-17 16:53:25 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=22046

Comment 1 Marja Van Waes 2017-11-17 20:49:25 CET 
Assigning to the registered opensaml maintainer.

Assignee: bugsquad => guillomovitch
CC: (none) => marja11

Comment 2 Guillaume Rousse 2017-11-18 10:50:02 CET 
Same answer as for bug #22046.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX