Skip to content
debian/3.2.2+dfsg1-1
Ferenc Wágner's avatar
Ferenc Wágner
@wferi
ade5fbf1 · Update changelog for 3.2.2+dfsg1-1 release ·
Unverified 
shibboleth-sp Debian release 3.2.2+dfsg1-1

Format: 1.8
Date: Tue, 27 Apr 2021 12:11:06 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.2.2+dfsg1-1) unstable; urgency=high
 .
   * [e44283d] New upstream release: 3.2.2
     High urgency because it fixes CVE-2021-31826:
     Session recovery feature contains a null pointer dereference
     The cookie-based session recovery feature added in V3.0 contains a
     flaw that is exploitable on systems *not* using the feature if a
     specially crafted cookie is supplied.
     This manifests as a crash in the shibd daemon.
     Because it is very simple to trigger this condition remotely, it
     results in a potential denial of service condition exploitable by
     a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
   * [3a6ac33] Refresh our patches
Checksums-Sha1:
 51abae0103692c6eb756a0684f956236c766bab3 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
 15d60364156cd8fd2c60db273cba85f5c28bc075 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 f185a257f713b667f861b0cbc83f9270618a84c9 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 cb8f6304381f00faa35b8480e962b646d25065cb 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 b855713cb278c5d8051cfb248ad7245f58d7182470e8b6c9dec2552697a85fdf 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
 14d0d2ca03adf44c77ed5e8738d537dbe6e9abe5a3d6f15d403f9b00964c9f00 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 6a4d64544ff5f1bf8028b7ba87519ad50237f52ee157aa4d0138dcab542aef0d 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 7f83a25d57dc84136dba59d6941a4e717d6c03c44121e26054cf2b7d37edddec 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Files:
 23f42f6e2552fce639ed5a19ef8a5ce5 2891 web optional shibboleth-sp_3.2.2+dfsg1-1.dsc
 52199338ebf5612425cb2a076c1b7f70 640648 web optional shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 a60eb96d9fa7c1fa10b31365c9614184 42116 web optional shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 7487cb96684d3aa30e30d25d8200fa62 13102 web optional shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo