Hi Salvatore, Thank you for the report. Looking at the commit r1680 mentioned on the security tracker I fail to see how it addresses the vulnerability described. I suspect this is actually a vulnerability in a dependency shared by opensaml and idp (maybe xmltooling which contains the PKIXValidationInformationResolver class, or shib-common with a recent commit referring to the same SIDP-624 issue [1]).
Emmanuel Bourg [1] http://svn.shibboleth.net/view/java-shib-common?view=revision&revision=1125 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
