Processing commands for cont...@bugs.debian.org: > #shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high > # > # * New upstream release. > # - SECURITY: Partial fix for improper handling of URLs that could be > # abused for script injection and other cross-site scripting attacks. > # The complete fix also requires newer xmltooling and opensaml2 > # packages. (Closes: #555608, CVE-2009-3300) > # - Avoid shibd crash on dead memcache server. > # - Pass the affiliation name to the session initiator. > # - Correctly handle a bogus ACS. > # - Allow overriding the URL that's passed to the DS. > # - Add schema types for new attribute decoders introduced in 2.2. > # - Handle success with partial logout in the logout UI code. > # - Fix POST data preservation with empty parameters and empty forms. > # - Fix SAML 1 specification of attributes in the query plugin. > # - Shorten ePTId-type persistent identifiers. > # - Use an ID rather than a whole doc reference for generated metadata. > # - Fix spelling of scopeDelimiter in the configuration parser, making > # the code and documentation match the schema. > # > limit source shibboleth-sp2 Limiting to bugs with field 'source' containing at least one of 'shibboleth-sp2' Limit currently set to 'source':'shibboleth-sp2'
> tags 555608 + pending Bug #555608 [shibboleth-sp2] CVE-2009-3300 Added tag(s) pending. > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
