Skip to content
GitLab
Tags give the ability to mark specific points in history as being important
  • debian/3.2.3+dfsg1-1
    a8eba644 · Update changelog for 3.2.3+dfsg1-1 release · 
    shibboleth-sp Debian release 3.2.3+dfsg1-1

Format: 1.8
Date: Sat, 02 Oct 2021 15:15:41 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.3+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Changes:
 shibboleth-sp (3.2.3+dfsg1-1) unstable; urgency=medium
 .
   [ Ferenc Wágner ]
   * [147bb17] Remove stale comment from debian/copyright
     shibsp/paths.h has not been distributed since version 3.0.3.
   * [9488c47] Set field Upstream-Name in debian/copyright
   * [bbdedb6] New upstream release: 3.2.3
   * [15ea78b] Refresh our patches
   * [68f4827] Accommodate more context in the Lintian webapp warning
   * [9b29d1e] Update Standards-Version to 4.6.0 (no changes required)
 .
   [ Debian Janitor ]
   * [b452f06] Use secure URI in Homepage field
Checksums-Sha1:
 2d15f4d2e4e856be31fc73add291e13c079388c6 2892 shibboleth-sp_3.2.3+dfsg1-1.dsc
 ac90a5fd72aa11a69ad305b621f04bd0d17e7a72 640260 shibboleth-sp_3.2.3+dfsg1.orig.tar.xz
 84aa4ba81e5abeb39710bf82fb322e5789695f0f 42280 shibboleth-sp_3.2.3+dfsg1-1.debian.tar.xz
 2049c31298ce9342be3177e7cc8538148627d6ce 13187 shibboleth-sp_3.2.3+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 b781542b1290831fd90b4807374c0dda50cf6c945cbfdf13ee9d72157fc0f6b2 2892 shibboleth-sp_3.2.3+dfsg1-1.dsc
 24e863b93b493a4b3403bc8c0c3853528ff0b1255da288564f95deeafb731940 640260 shibboleth-sp_3.2.3+dfsg1.orig.tar.xz
 c20bdceceaa943e75659b0a80741fa89a3925aaf289b92b49988bb3885dabb3c 42280 shibboleth-sp_3.2.3+dfsg1-1.debian.tar.xz
 7c021e0c88a3fea0aa6fe147cb9380fed84c566de8d297faf8904a46f8764497 13187 shibboleth-sp_3.2.3+dfsg1-1_amd64.buildinfo
Files:
 983b0328dd5fc24444f0cc3bbde51123 2892 web optional shibboleth-sp_3.2.3+dfsg1-1.dsc
 1aad8b7a62c6728d8a9bd99e3f188f7d 640260 web optional shibboleth-sp_3.2.3+dfsg1.orig.tar.xz
 7f0bf643fccc1fc79540694926bc3061 42280 web optional shibboleth-sp_3.2.3+dfsg1-1.debian.tar.xz
 bf9fc6312a50154a3576748f43e784d9 13187 web optional shibboleth-sp_3.2.3+dfsg1-1_amd64.buildinfo
  • upstream/3.2.3+dfsg1
    e09610a7 · New upstream version 3.2.3+dfsg1 · 
    Upstream version 3.2.3+dfsg1
  • 3.2.3.1
    3fb175c4 · Bump file version on IIS DLL. · 
    Tag 3.2.3.1 release.
  • 3.2.3
    513a3a53 · SSPCPP-937 - RequestMap doesn't reset internal variable during path decode · 
    Tagging 3.2.3 release.
  • 3.2.2.2
    5dd2007a · SSPCPP-934 · 
    Tag 3.2.2.2 release.
  • switchaai/3.2.2+dfsg1-1_switchaai1_ubuntu18.04.1
    2a1c023b · Update changelog for 3.2.2+dfsg1-1~switchaai1~ubuntu18.04.1 release · 
    shibboleth-sp SWITCHaai release 3.2.2+dfsg1-1~switchaai1~ubuntu18.04.1
  • switchaai/3.2.2+dfsg1-1_switchaai1_ubuntu20.04.1
    ec2dcf5a · Update changelog for 3.2.2+dfsg1-1~switchaai1~ubuntu20.04.1 release · 
    shibboleth-sp SWITCHaai release 3.2.2+dfsg1-1~switchaai1~ubuntu20.04.1
  • switchaai/3.2.2+dfsg1-1_switchaai1_debian9.1
    4eedb230 · Update changelog for 3.2.2+dfsg1-1~switchaai1~debian9.1 release · 
    shibboleth-sp SWITCHaai release 3.2.2+dfsg1-1~switchaai1~debian9.1
  • switchaai/3.2.2+dfsg1-1_switchaai1_debian10.1
    428264ef · Update changelog for 3.2.2+dfsg1-1~switchaai1~debian10.1 release · 
    shibboleth-sp SWITCHaai release 3.2.2+dfsg1-1~switchaai1~debian10.1
  • debian/3.2.2+dfsg1-1_bpo10+1
    dffa00c7 · Update changelog for 3.2.2+dfsg1-1~bpo10+1 release · 
    shibboleth-sp Debian release 3.2.2+dfsg1-1~bpo10+1

Format: 1.8
Date: Tue, 04 May 2021 14:26:47 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Changes:
 shibboleth-sp (3.2.2+dfsg1-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
Checksums-Sha1:
 c603111c0999c71b296966db5d92e3b891521135 2923 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.dsc
 4dbd985e093554d2ffe08a4dffd06db02167136d 42268 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.debian.tar.xz
 0fb2a5e68ff7fb25f6836f8d30389567039721f3 13641 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1_amd64.buildinfo
Checksums-Sha256:
 3313b8c0b04577306f3f22346714bc0f25f813814ae16c5bd905f8047ff808ab 2923 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.dsc
 3423f7eaca406c0e4ac124b25a8094bc960cc7354b399b783ef8990991650b1a 42268 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.debian.tar.xz
 673d06ccae72764845e6fce0e5f59b00038cfa698a2be94126d24a7a7a2c33ff 13641 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1_amd64.buildinfo
Files:
 496f6cf6eb1bcb74d98b1e49235d501b 2923 web optional shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.dsc
 660fe71b43a433224c58589ecbc8b1ec 42268 web optional shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.debian.tar.xz
 85916585d06099154432a79bd00d1a03 13641 web optional shibboleth-sp_3.2.2+dfsg1-1~bpo10+1_amd64.buildinfo
  • debian/3.2.2+dfsg1-1
    ade5fbf1 · Update changelog for 3.2.2+dfsg1-1 release · 
    shibboleth-sp Debian release 3.2.2+dfsg1-1

Format: 1.8
Date: Tue, 27 Apr 2021 12:11:06 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.2.2+dfsg1-1) unstable; urgency=high
 .
   * [e44283d] New upstream release: 3.2.2
     High urgency because it fixes CVE-2021-31826:
     Session recovery feature contains a null pointer dereference
     The cookie-based session recovery feature added in V3.0 contains a
     flaw that is exploitable on systems *not* using the feature if a
     specially crafted cookie is supplied.
     This manifests as a crash in the shibd daemon.
     Because it is very simple to trigger this condition remotely, it
     results in a potential denial of service condition exploitable by
     a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
   * [3a6ac33] Refresh our patches
Checksums-Sha1:
 51abae0103692c6eb756a0684f956236c766bab3 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
 15d60364156cd8fd2c60db273cba85f5c28bc075 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 f185a257f713b667f861b0cbc83f9270618a84c9 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 cb8f6304381f00faa35b8480e962b646d25065cb 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 b855713cb278c5d8051cfb248ad7245f58d7182470e8b6c9dec2552697a85fdf 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
 14d0d2ca03adf44c77ed5e8738d537dbe6e9abe5a3d6f15d403f9b00964c9f00 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 6a4d64544ff5f1bf8028b7ba87519ad50237f52ee157aa4d0138dcab542aef0d 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 7f83a25d57dc84136dba59d6941a4e717d6c03c44121e26054cf2b7d37edddec 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Files:
 23f42f6e2552fce639ed5a19ef8a5ce5 2891 web optional shibboleth-sp_3.2.2+dfsg1-1.dsc
 52199338ebf5612425cb2a076c1b7f70 640648 web optional shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 a60eb96d9fa7c1fa10b31365c9614184 42116 web optional shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 7487cb96684d3aa30e30d25d8200fa62 13102 web optional shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
  • debian/3.0.4+dfsg1-1+deb10u2
    9a52c743 · Update changelog for 3.0.4+dfsg1-1+deb10u2 release · 
    shibboleth-sp Debian release 3.0.4+dfsg1-1+deb10u2

Format: 1.8
Date: Mon, 26 Apr 2021 15:37:15 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.0.4+dfsg1-1+deb10u2) buster-security; urgency=high
 .
   * [2dd45b3] New patch: SSPCPP-927 - Check for missing DataSealer during
     cookie recovery.
     Fix a denial of service vulnerability: Session recovery feature contains
     a null pointer dereference
     The cookie-based session recovery feature added in V3.0 contains a
     flaw that is exploitable on systems *not* using the feature if a
     specially crafted cookie is supplied.
     This manifests as a crash in the shibd daemon.
     Because it is very simple to trigger this condition remotely, it
     results in a potential denial of service condition exploitable by
     a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
Checksums-Sha1:
 aa91efd3b9c6f26b0ad95dfae340a49f41e8923c 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 936ea173fc1b0c9998f657b897650b9f7fdd84d1 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 d74e5e9b65ef48c88c4294cf5a0d0ece4da1667c 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 82ce3e5b624c34754807c76a70fc5549dc535e9c5d01af396b76966d9f9cf39d 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 01a3257b10e940430af70754daeccc29c08c091ae04a1fd519ff67cefb83b878 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 74fdf85b4918fd5867fc5c858dd13c222327ca9dda34ed8901c1187ff07c0d56 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Files:
 f74cbb538977ef3921821dd62ca772df 3034 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 2cf9a7879a9838f4cdf8f0d023e957c4 79896 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 22afb3d6e117204e01b703a96a5750d2 14116 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
  • upstream/3.2.2+dfsg1
    d267b737 · New upstream version 3.2.2+dfsg1 · 
    Upstream version 3.2.2+dfsg1
  • 3.2.2
    a37c6153 · Update so revision. · 
    Tag 3.2.2 release.
  • debian/3.2.1+dfsg1-1_bpo10+1
    7ae45810 · Update changelog for 3.2.1+dfsg1-1~bpo10+1 release · 
    shibboleth-sp Debian release 3.2.1+dfsg1-1~bpo10+1

Format: 1.8
Date: Mon, 22 Mar 2021 13:11:57 +0100
Source: shibboleth-sp
Binary: libapache2-mod-shib libapache2-mod-shib-dbgsym libshibsp-dev libshibsp-doc libshibsp-plugins libshibsp-plugins-dbgsym libshibsp10 libshibsp10-dbgsym shibboleth-sp-common shibboleth-sp-utils shibboleth-sp-utils-dbgsym
Architecture: source i386 all
Version: 3.2.1+dfsg1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libapache2-mod-shib - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp10 - Federated web single sign-on system (runtime)
 shibboleth-sp-common - Federated web single sign-on system (common files)
 shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities)
Changes:
 shibboleth-sp (3.2.1+dfsg1-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 shibboleth-sp (3.2.1+dfsg1-1) unstable; urgency=high
 .
   * [4ecfe4a] New upstream release: 3.2.1
     High urgency because it contains the fix for the phishing vulnerability
     https://shibboleth.net/community/advisories/secadv_20210317.txt.
   * [80b3470] Refresh our patches
 .
 shibboleth-sp (3.2.0+dfsg1-2) unstable; urgency=medium
 .
   * [84158eb] Revert "New patch: Require XMLTooling and OpenSAML 3.2 via pkg
     config as well"
     This reverts commit 431b176b3127bb0b0ebfb9621a798facec24cce3.
     According to upstream there's no real build requirement here.
   * Upload to unstable
 .
 shibboleth-sp (3.2.0+dfsg1-1) experimental; urgency=medium
 .
   * [6af8bd7] Bump watch file format version to 4
   * [ce7b33d] New upstream release: 3.2.0
   * [4a6d968] Delete upstream patch, refresh the rest
   * [431b176] New patch: Require XMLTooling and OpenSAML 3.2 via pkg config as
     well
   * [20a1f52] Depend on XMLTooling and OpenSAML 3.2
   * [3d4409a] Rename library package for upstream SONAME bump
   * [54cf316] Update Standards-Version to 4.5.1 (no changes required)
Checksums-Sha1:
 885ccc373b86dec8865a7d24593da10db286a1c9 2923 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.dsc
 e022501e8366370aa9edb4cc0e625326a4883bd8 42000 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.debian.tar.xz
 63a26cf4070391aa5d096ed0d6d78dd133811218 382136 libapache2-mod-shib-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 e5700349756b4904932a51881745194dd0f7fc4c 83840 libapache2-mod-shib_3.2.1+dfsg1-1~bpo10+1_i386.deb
 83b88eb4b374ef92c73704d7d36d92037c1bcb66 67376 libshibsp-dev_3.2.1+dfsg1-1~bpo10+1_i386.deb
 963081e148a2dac419d1ec2b65e0ce79f6ff777e 3386248 libshibsp-doc_3.2.1+dfsg1-1~bpo10+1_all.deb
 3533cef5405ba460a4a0a0c3d75bef898af7c5f9 2422680 libshibsp-plugins-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 2cb13dfc968cf738e63ed49db8ee4ebb3cf1dac2 194236 libshibsp-plugins_3.2.1+dfsg1-1~bpo10+1_i386.deb
 5ee1185b8468fcb6af23d1fc1a115836d4902f8c 18257980 libshibsp10-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 e655646ea9873ef3e5c2ebba58a2eb76dba8a692 1021256 libshibsp10_3.2.1+dfsg1-1~bpo10+1_i386.deb
 a2203315800f645e3467a0dd7473c3fb8d4debf9 57304 shibboleth-sp-common_3.2.1+dfsg1-1~bpo10+1_all.deb
 94ee9b1d2dc81852704d40d042ae3ca4c164deb9 466268 shibboleth-sp-utils-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 f687daeebec481f6a5c3904d15b8f4f960cf1967 92948 shibboleth-sp-utils_3.2.1+dfsg1-1~bpo10+1_i386.deb
 a39ba59cc849452c2266389662ef4ffa090b779a 13567 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1_i386.buildinfo
Checksums-Sha256:
 85b6f967c504536933d0b41c931da5d4946068d828e71db73b4e70af025728d9 2923 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.dsc
 4c67d559f1434cd114ab286c695745efec31624ca7e04c730828f6ee38f07847 42000 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.debian.tar.xz
 b6a649df67f803b260f89ac01f25fade4ae67536c62a9a8bed23fe77d8bd87e6 382136 libapache2-mod-shib-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 dbc38834cd6de233b5cbd627a976ae555521e9e6c1b029438ab5ad12783783c7 83840 libapache2-mod-shib_3.2.1+dfsg1-1~bpo10+1_i386.deb
 a6dac794b529e9ce0165810cd2312f367ae4072ac28034908386acf356dfcb76 67376 libshibsp-dev_3.2.1+dfsg1-1~bpo10+1_i386.deb
 f29b5540521f9eeeb393e1208848be316a1e4ce71dbd15f2b1e34de06e31ce99 3386248 libshibsp-doc_3.2.1+dfsg1-1~bpo10+1_all.deb
 73c97b559db278a5fe2626a70ea0d969d5ef9180a471bb7d1c27349e7c980d49 2422680 libshibsp-plugins-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 39af2e9bf88f15fa7f8a1b9f9129c5a99abc0851bfd524e15767f5b6efca6ad2 194236 libshibsp-plugins_3.2.1+dfsg1-1~bpo10+1_i386.deb
 33f8adc8e3c5e70f3a0078e23824fc82efc4e5bc4a1b9244a42bdf22f593c62c 18257980 libshibsp10-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 e3b821bd91ef5e7b9593fee70e39c690c72885b549c27c0d1e2744296aa2ec29 1021256 libshibsp10_3.2.1+dfsg1-1~bpo10+1_i386.deb
 8273013e365402376f1191f27bedfe45836bce948ff29279a15db04830c3922a 57304 shibboleth-sp-common_3.2.1+dfsg1-1~bpo10+1_all.deb
 9edc46d99a3a3947c816d8ebe9bfb03af3022f03057d0e1df2e6424c81ed5938 466268 shibboleth-sp-utils-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 bd00f4ec80505ec5a13aeee99deb98709e945d9efeda3eb81375b82d580e987d 92948 shibboleth-sp-utils_3.2.1+dfsg1-1~bpo10+1_i386.deb
 686feb75a7fefd0e15a7b63e285a713f7bda186af1626e2054b1214637a4c35d 13567 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1_i386.buildinfo
Files:
 c9e6fe6129094bfbcaed77b9e942df93 2923 web optional shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.dsc
 16c594ef5f477eaf372b3645f05f02c2 42000 web optional shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.debian.tar.xz
 5b101a22f647c0ff7e03049e28cd0dbc 382136 debug optional libapache2-mod-shib-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 cc3d11fceeb454f20eb6633806ed26fd 83840 httpd optional libapache2-mod-shib_3.2.1+dfsg1-1~bpo10+1_i386.deb
 ca472b31e037d40563d50da5e32409c4 67376 libdevel optional libshibsp-dev_3.2.1+dfsg1-1~bpo10+1_i386.deb
 7ac3e977e8e80b77ff5f0736b5ea4722 3386248 doc optional libshibsp-doc_3.2.1+dfsg1-1~bpo10+1_all.deb
 6adc73cf69982b6ed695724a33464209 2422680 debug optional libshibsp-plugins-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 ffa01f86bfdedffba225f899d9899b69 194236 libs optional libshibsp-plugins_3.2.1+dfsg1-1~bpo10+1_i386.deb
 ae35ffd2094129e3216f28a6bb81f00b 18257980 debug optional libshibsp10-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 b7ac5979f6e06de916423c66e29c9f26 1021256 libs optional libshibsp10_3.2.1+dfsg1-1~bpo10+1_i386.deb
 b2a50ae86e9f40bebec163583d2d935b 57304 libs optional shibboleth-sp-common_3.2.1+dfsg1-1~bpo10+1_all.deb
 4dc660710109cc2108341f9aeb4a0c07 466268 debug optional shibboleth-sp-utils-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 aff23c7f1557487cb5bf21c428e34936 92948 web optional shibboleth-sp-utils_3.2.1+dfsg1-1~bpo10+1_i386.deb
 6fbfdf075bfff111a2223d0a36c1065f 13567 web optional shibboleth-sp_3.2.1+dfsg1-1~bpo10+1_i386.buildinfo
  • debian/3.0.4+dfsg1-1+deb10u1_bpo9+1
    439a0b05 · Update changelog for 3.0.4+dfsg1-1+deb10u1~bpo9+1 release · 
    shibboleth-sp Debian release 3.0.4+dfsg1-1+deb10u1~bpo9+1

Format: 1.8
Date: Mon, 22 Mar 2021 13:55:57 +0100
Source: shibboleth-sp
Binary: libapache2-mod-shib libshibsp8 libshibsp-plugins libshibsp-dev libshibsp-doc shibboleth-sp-common shibboleth-sp-utils libapache2-mod-shib2 shibboleth-sp2-common shibboleth-sp2-utils
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u1~bpo9+1
Distribution: stretch-backports
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libapache2-mod-shib - Federated web single sign-on system (Apache module)
 libapache2-mod-shib2 - transitional package
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp8 - Federated web single sign-on system (runtime)
 shibboleth-sp-common - Federated web single sign-on system (common files)
 shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities)
 shibboleth-sp2-common - transitional package
 shibboleth-sp2-utils - transitional package
Changes:
 shibboleth-sp (3.0.4+dfsg1-1+deb10u1~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
Checksums-Sha1:
 481f6df26611c40450d269cc057be5f95ecf53a4 3072 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.dsc
 2fd6b67f019d6e8cf1dfab2677f0cbffa70b9f96 79576 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.debian.tar.xz
 3c52475c63b45630e8f65ee34aeb1cfac744f1fa 14847 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1_amd64.buildinfo
Checksums-Sha256:
 8acea46fa92ac1bbe7f46c0969326cc13af9f6f1389a2b0d567331e54ed31e46 3072 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.dsc
 84b4d6dfbb89fc414abe4a58eaa2d543fb6acb6ed04436bee115015442fd9377 79576 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.debian.tar.xz
 763ace37109586c3bcb54d853ecd8c99855eafa1a1567820222170a1fa3ded25 14847 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1_amd64.buildinfo
Files:
 17075173b6b162b56cfd635c5e6e06f0 3072 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.dsc
 8644ad27c1e9ea61ed9d6a5a1da30479 79576 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.debian.tar.xz
 ccc40036861a4f8a9c93946c7182eb67 14847 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1_amd64.buildinfo
  • switchaai/3.2.1+dfsg1-1_switchaai0_ubuntu18.04.1
    5de77131 · Update changelog for 3.2.1+dfsg1-1~switchaai0~ubuntu18.04.1 release · 
    shibboleth-sp SWITCHaai release 3.2.1+dfsg1-1~switchaai0~ubuntu18.04.1
  • switchaai/3.2.1+dfsg1-1_switchaai0_debian9.1
    18f72680 · Update changelog for 3.2.1+dfsg1-1~switchaai0~debian9.1 release · 
    shibboleth-sp SWITCHaai release 3.2.1+dfsg1-1~switchaai0~debian9.1
  • debian/2.6.0+dfsg1-4+deb9u2
    2be84006 · Update changelog for 2.6.0+dfsg1-4+deb9u2 release · 
    shibboleth-sp2 Debian release 2.6.0+dfsg1-4+deb9u2

Format: 1.8
Date: Thu, 18 Mar 2021 22:30:40 +0100
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp7 libshibsp-plugins libshibsp-dev libshibsp-doc shibboleth-sp2-common shibboleth-sp2-utils
Architecture: source
Version: 2.6.0+dfsg1-4+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp7 - Federated web single sign-on system (runtime)
 shibboleth-sp2-common - Federated web single sign-on system (common files)
 shibboleth-sp2-utils - Federated web single sign-on system (daemon and utilities)
Closes: 985405
Changes:
 shibboleth-sp2 (2.6.0+dfsg1-4+deb9u2) stretch-security; urgency=high
 .
   * [9166b92] New patch: SSPCPP-922 - Add externalParameters option to Errors
     element.
     Fix a phishing vulnerability: Template generation allows external
     parameters to override placeholders
     The primitive template engine used to render error pages allows
     replacement via query parameters also, though this is not a typical
     need. Because of this feature, it's possible to cause the SP to
     display some templates containing values supplied externally by URL
     manipulation. Though the values are encoded to prevent script
     injection, the content nevertheless appears to come from the server
     and so would be interpreted as trustworthy, allowing email addresses,
     logos, or support URLs to be manipulated by an attacker.
     This update adds a new <Errors> setting to the configuration called
     externalParameters, which defaults to false. When false, support for
     this "feature" is disabled.
     https://shibboleth.net/community/advisories/secadv_20210317.txt
     https://issues.shibboleth.net/jira/browse/SSPCPP-922
     Thanks to Scott Cantor (Closes: #985405)
Checksums-Sha1:
 1c6ad8377205fbc1313b2bbd3bb5e11a2ba43ae5 2901 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.dsc
 679ec7980f198a5d2aa25f3f2a864b6a939d5dcb 83940 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.debian.tar.xz
 7141f2eba9a95a2eed561d766d7d63ac8406a34c 13471 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2_amd64.buildinfo
Checksums-Sha256:
 9c89e72f59dc8dadb12827017ed8fbfe19bba332db880fe9d4d216aac3d67051 2901 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.dsc
 6cb5e0a78d6e18c113f99718aa31b8665170c1eb6d6301e82d1fb763093048b4 83940 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.debian.tar.xz
 03ea80552ebe20d435fd085c1754e07c343c41b084c157c7586ef4803e743173 13471 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2_amd64.buildinfo
Files:
 f253b52fbb3244458667aa01272dd884 2901 web extra shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.dsc
 ab005c39a6e9355d3977a0311ea4073e 83940 web extra shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.debian.tar.xz
 10575078af09e4a5ee9030fb642b977c 13471 web extra shibboleth-sp2_2.6.0+dfsg1-4+deb9u2_amd64.buildinfo
  • switchaai/3.2.1+dfsg1-1_switchaai0_ubuntu20.04.1
    14767c56 · Update changelog for 3.2.1+dfsg1-1~switchaai0~ubuntu20.04.1 release · 
    shibboleth-sp SWITCHaai release 3.2.1+dfsg1-1~switchaai0~ubuntu20.04.1