Bug 22047 - opensaml new security issue CVE-2017-16853
Summary: opensaml new security issue CVE-2017-16853
Status: RESOLVED WONTFIX
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-17 16:53 CET by David Walser
Modified: 2017-11-18 10:50 CET (History)
1 user (show)

See Also:
Source RPM: opensaml-2.5.2-6.1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-11-17 16:53:15 CET 
Debian has issued an advisory on November 16:
https://www.debian.org/security/2017/dsa-4039

Corresponding upstream advisory from November 15:
https://shibboleth.net/community/advisories/secadv_20171115.txt

The issue is fixed upstream in 2.6.1, and a patch can be obtained from upstream git or from Debian.
David Walser 2017-11-17 16:53:25 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=22046

Comment 1 Marja Van Waes 2017-11-17 20:49:25 CET 
Assigning to the registered opensaml maintainer.

Assignee: bugsquad => guillomovitch
CC: (none) => marja11

Comment 2 Guillaume Rousse 2017-11-18 10:50:02 CET 
Same answer as for bug #22046.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX
Note You need to log in before you can comment on or make changes to this bug.