Package: liblasso3 Version: 2.6.0-2+b2 Severity: important Tags: fixed-upstream
Hi, We're using lasso with libapache2-mod-auth-mellon and it crashes every time an IdP sends a (valid) AuthnContextDecl. This has been fixed meanwhile upstream, which I've verified solves the problem: https://dev.entrouvert.org/issues/25640 There is however not a new Lasso release yet (or has been for a while now). Can you incorporate the required patch in Debian so mellon does not crash on these IdPs? Thanks, Thijs -- System Information: Debian Release: 10.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-11-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages liblasso3 depends on: ii libc6 2.28-10 ii libglib2.0-0 2.58.3-2+deb10u2 ii libssl1.1 1.1.1d-0+deb10u2 ii libxml2 2.9.4+dfsg1-7+b3 ii libxmlsec1 1.2.27-2 ii libxmlsec1-openssl 1.2.27-2 ii libxslt1.1 1.1.32-2.2~deb10u1 ii zlib1g 1:1.2.11.dfsg-1 liblasso3 recommends no packages. liblasso3 suggests no packages. -- no debconf information
