Skip to content

Tags

Tags give the ability to mark specific points in history as being important
  • upstream/3.2.3+dfsg1
    e09610a7 · New upstream version 3.2.3+dfsg1 · 
    Upstream version 3.2.3+dfsg1
  • 3.2.3.1
    3fb175c4 · Bump file version on IIS DLL. · 
    Tag 3.2.3.1 release.
    Unverified
  • 3.2.3
    513a3a53 · SSPCPP-937 - RequestMap doesn't reset internal variable during path decode · 
    Tagging 3.2.3 release.
    Unverified
  • 3.2.2.2
    5dd2007a · SSPCPP-934 · 
    Tag 3.2.2.2 release.
    Unverified
  • debian/3.2.2+dfsg1-1_bpo10+1
    dffa00c7 · Update changelog for 3.2.2+dfsg1-1~bpo10+1 release · 
    shibboleth-sp Debian release 3.2.2+dfsg1-1~bpo10+1

Format: 1.8
Date: Tue, 04 May 2021 14:26:47 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Changes:
 shibboleth-sp (3.2.2+dfsg1-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
Checksums-Sha1:
 c603111c0999c71b296966db5d92e3b891521135 2923 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.dsc
 4dbd985e093554d2ffe08a4dffd06db02167136d 42268 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.debian.tar.xz
 0fb2a5e68ff7fb25f6836f8d30389567039721f3 13641 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1_amd64.buildinfo
Checksums-Sha256:
 3313b8c0b04577306f3f22346714bc0f25f813814ae16c5bd905f8047ff808ab 2923 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.dsc
 3423f7eaca406c0e4ac124b25a8094bc960cc7354b399b783ef8990991650b1a 42268 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.debian.tar.xz
 673d06ccae72764845e6fce0e5f59b00038cfa698a2be94126d24a7a7a2c33ff 13641 shibboleth-sp_3.2.2+dfsg1-1~bpo10+1_amd64.buildinfo
Files:
 496f6cf6eb1bcb74d98b1e49235d501b 2923 web optional shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.dsc
 660fe71b43a433224c58589ecbc8b1ec 42268 web optional shibboleth-sp_3.2.2+dfsg1-1~bpo10+1.debian.tar.xz
 85916585d06099154432a79bd00d1a03 13641 web optional shibboleth-sp_3.2.2+dfsg1-1~bpo10+1_amd64.buildinfo
    Unverified
  • debian/3.2.2+dfsg1-1
    ade5fbf1 · Update changelog for 3.2.2+dfsg1-1 release · 
    shibboleth-sp Debian release 3.2.2+dfsg1-1

Format: 1.8
Date: Tue, 27 Apr 2021 12:11:06 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.2.2+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.2.2+dfsg1-1) unstable; urgency=high
 .
   * [e44283d] New upstream release: 3.2.2
     High urgency because it fixes CVE-2021-31826:
     Session recovery feature contains a null pointer dereference
     The cookie-based session recovery feature added in V3.0 contains a
     flaw that is exploitable on systems *not* using the feature if a
     specially crafted cookie is supplied.
     This manifests as a crash in the shibd daemon.
     Because it is very simple to trigger this condition remotely, it
     results in a potential denial of service condition exploitable by
     a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
   * [3a6ac33] Refresh our patches
Checksums-Sha1:
 51abae0103692c6eb756a0684f956236c766bab3 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
 15d60364156cd8fd2c60db273cba85f5c28bc075 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 f185a257f713b667f861b0cbc83f9270618a84c9 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 cb8f6304381f00faa35b8480e962b646d25065cb 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 b855713cb278c5d8051cfb248ad7245f58d7182470e8b6c9dec2552697a85fdf 2891 shibboleth-sp_3.2.2+dfsg1-1.dsc
 14d0d2ca03adf44c77ed5e8738d537dbe6e9abe5a3d6f15d403f9b00964c9f00 640648 shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 6a4d64544ff5f1bf8028b7ba87519ad50237f52ee157aa4d0138dcab542aef0d 42116 shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 7f83a25d57dc84136dba59d6941a4e717d6c03c44121e26054cf2b7d37edddec 13102 shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
Files:
 23f42f6e2552fce639ed5a19ef8a5ce5 2891 web optional shibboleth-sp_3.2.2+dfsg1-1.dsc
 52199338ebf5612425cb2a076c1b7f70 640648 web optional shibboleth-sp_3.2.2+dfsg1.orig.tar.xz
 a60eb96d9fa7c1fa10b31365c9614184 42116 web optional shibboleth-sp_3.2.2+dfsg1-1.debian.tar.xz
 7487cb96684d3aa30e30d25d8200fa62 13102 web optional shibboleth-sp_3.2.2+dfsg1-1_amd64.buildinfo
    Unverified
  • debian/3.0.4+dfsg1-1+deb10u2
    9a52c743 · Update changelog for 3.0.4+dfsg1-1+deb10u2 release · 
    shibboleth-sp Debian release 3.0.4+dfsg1-1+deb10u2

Format: 1.8
Date: Mon, 26 Apr 2021 15:37:15 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
 shibboleth-sp (3.0.4+dfsg1-1+deb10u2) buster-security; urgency=high
 .
   * [2dd45b3] New patch: SSPCPP-927 - Check for missing DataSealer during
     cookie recovery.
     Fix a denial of service vulnerability: Session recovery feature contains
     a null pointer dereference
     The cookie-based session recovery feature added in V3.0 contains a
     flaw that is exploitable on systems *not* using the feature if a
     specially crafted cookie is supplied.
     This manifests as a crash in the shibd daemon.
     Because it is very simple to trigger this condition remotely, it
     results in a potential denial of service condition exploitable by
     a remote, unauthenticated attacker.
     Thanks to Scott Cantor (Closes: #987608)
Checksums-Sha1:
 aa91efd3b9c6f26b0ad95dfae340a49f41e8923c 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 936ea173fc1b0c9998f657b897650b9f7fdd84d1 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 d74e5e9b65ef48c88c4294cf5a0d0ece4da1667c 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 82ce3e5b624c34754807c76a70fc5549dc535e9c5d01af396b76966d9f9cf39d 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 01a3257b10e940430af70754daeccc29c08c091ae04a1fd519ff67cefb83b878 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 74fdf85b4918fd5867fc5c858dd13c222327ca9dda34ed8901c1187ff07c0d56 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Files:
 f74cbb538977ef3921821dd62ca772df 3034 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
 2cf9a7879a9838f4cdf8f0d023e957c4 79896 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
 22afb3d6e117204e01b703a96a5750d2 14116 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
    Unverified
  • upstream/3.2.2+dfsg1
    d267b737 · New upstream version 3.2.2+dfsg1 · 
    Upstream version 3.2.2+dfsg1
  • 3.2.2
    a37c6153 · Update so revision. · 
    Tag 3.2.2 release.
    Unverified
  • debian/3.2.1+dfsg1-1_bpo10+1
    7ae45810 · Update changelog for 3.2.1+dfsg1-1~bpo10+1 release · 
    shibboleth-sp Debian release 3.2.1+dfsg1-1~bpo10+1

Format: 1.8
Date: Mon, 22 Mar 2021 13:11:57 +0100
Source: shibboleth-sp
Binary: libapache2-mod-shib libapache2-mod-shib-dbgsym libshibsp-dev libshibsp-doc libshibsp-plugins libshibsp-plugins-dbgsym libshibsp10 libshibsp10-dbgsym shibboleth-sp-common shibboleth-sp-utils shibboleth-sp-utils-dbgsym
Architecture: source i386 all
Version: 3.2.1+dfsg1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libapache2-mod-shib - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp10 - Federated web single sign-on system (runtime)
 shibboleth-sp-common - Federated web single sign-on system (common files)
 shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities)
Changes:
 shibboleth-sp (3.2.1+dfsg1-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 shibboleth-sp (3.2.1+dfsg1-1) unstable; urgency=high
 .
   * [4ecfe4a] New upstream release: 3.2.1
     High urgency because it contains the fix for the phishing vulnerability
     https://shibboleth.net/community/advisories/secadv_20210317.txt.
   * [80b3470] Refresh our patches
 .
 shibboleth-sp (3.2.0+dfsg1-2) unstable; urgency=medium
 .
   * [84158eb] Revert "New patch: Require XMLTooling and OpenSAML 3.2 via pkg
     config as well"
     This reverts commit 431b176b3127bb0b0ebfb9621a798facec24cce3.
     According to upstream there's no real build requirement here.
   * Upload to unstable
 .
 shibboleth-sp (3.2.0+dfsg1-1) experimental; urgency=medium
 .
   * [6af8bd7] Bump watch file format version to 4
   * [ce7b33d] New upstream release: 3.2.0
   * [4a6d968] Delete upstream patch, refresh the rest
   * [431b176] New patch: Require XMLTooling and OpenSAML 3.2 via pkg config as
     well
   * [20a1f52] Depend on XMLTooling and OpenSAML 3.2
   * [3d4409a] Rename library package for upstream SONAME bump
   * [54cf316] Update Standards-Version to 4.5.1 (no changes required)
Checksums-Sha1:
 885ccc373b86dec8865a7d24593da10db286a1c9 2923 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.dsc
 e022501e8366370aa9edb4cc0e625326a4883bd8 42000 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.debian.tar.xz
 63a26cf4070391aa5d096ed0d6d78dd133811218 382136 libapache2-mod-shib-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 e5700349756b4904932a51881745194dd0f7fc4c 83840 libapache2-mod-shib_3.2.1+dfsg1-1~bpo10+1_i386.deb
 83b88eb4b374ef92c73704d7d36d92037c1bcb66 67376 libshibsp-dev_3.2.1+dfsg1-1~bpo10+1_i386.deb
 963081e148a2dac419d1ec2b65e0ce79f6ff777e 3386248 libshibsp-doc_3.2.1+dfsg1-1~bpo10+1_all.deb
 3533cef5405ba460a4a0a0c3d75bef898af7c5f9 2422680 libshibsp-plugins-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 2cb13dfc968cf738e63ed49db8ee4ebb3cf1dac2 194236 libshibsp-plugins_3.2.1+dfsg1-1~bpo10+1_i386.deb
 5ee1185b8468fcb6af23d1fc1a115836d4902f8c 18257980 libshibsp10-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 e655646ea9873ef3e5c2ebba58a2eb76dba8a692 1021256 libshibsp10_3.2.1+dfsg1-1~bpo10+1_i386.deb
 a2203315800f645e3467a0dd7473c3fb8d4debf9 57304 shibboleth-sp-common_3.2.1+dfsg1-1~bpo10+1_all.deb
 94ee9b1d2dc81852704d40d042ae3ca4c164deb9 466268 shibboleth-sp-utils-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 f687daeebec481f6a5c3904d15b8f4f960cf1967 92948 shibboleth-sp-utils_3.2.1+dfsg1-1~bpo10+1_i386.deb
 a39ba59cc849452c2266389662ef4ffa090b779a 13567 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1_i386.buildinfo
Checksums-Sha256:
 85b6f967c504536933d0b41c931da5d4946068d828e71db73b4e70af025728d9 2923 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.dsc
 4c67d559f1434cd114ab286c695745efec31624ca7e04c730828f6ee38f07847 42000 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.debian.tar.xz
 b6a649df67f803b260f89ac01f25fade4ae67536c62a9a8bed23fe77d8bd87e6 382136 libapache2-mod-shib-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 dbc38834cd6de233b5cbd627a976ae555521e9e6c1b029438ab5ad12783783c7 83840 libapache2-mod-shib_3.2.1+dfsg1-1~bpo10+1_i386.deb
 a6dac794b529e9ce0165810cd2312f367ae4072ac28034908386acf356dfcb76 67376 libshibsp-dev_3.2.1+dfsg1-1~bpo10+1_i386.deb
 f29b5540521f9eeeb393e1208848be316a1e4ce71dbd15f2b1e34de06e31ce99 3386248 libshibsp-doc_3.2.1+dfsg1-1~bpo10+1_all.deb
 73c97b559db278a5fe2626a70ea0d969d5ef9180a471bb7d1c27349e7c980d49 2422680 libshibsp-plugins-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 39af2e9bf88f15fa7f8a1b9f9129c5a99abc0851bfd524e15767f5b6efca6ad2 194236 libshibsp-plugins_3.2.1+dfsg1-1~bpo10+1_i386.deb
 33f8adc8e3c5e70f3a0078e23824fc82efc4e5bc4a1b9244a42bdf22f593c62c 18257980 libshibsp10-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 e3b821bd91ef5e7b9593fee70e39c690c72885b549c27c0d1e2744296aa2ec29 1021256 libshibsp10_3.2.1+dfsg1-1~bpo10+1_i386.deb
 8273013e365402376f1191f27bedfe45836bce948ff29279a15db04830c3922a 57304 shibboleth-sp-common_3.2.1+dfsg1-1~bpo10+1_all.deb
 9edc46d99a3a3947c816d8ebe9bfb03af3022f03057d0e1df2e6424c81ed5938 466268 shibboleth-sp-utils-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 bd00f4ec80505ec5a13aeee99deb98709e945d9efeda3eb81375b82d580e987d 92948 shibboleth-sp-utils_3.2.1+dfsg1-1~bpo10+1_i386.deb
 686feb75a7fefd0e15a7b63e285a713f7bda186af1626e2054b1214637a4c35d 13567 shibboleth-sp_3.2.1+dfsg1-1~bpo10+1_i386.buildinfo
Files:
 c9e6fe6129094bfbcaed77b9e942df93 2923 web optional shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.dsc
 16c594ef5f477eaf372b3645f05f02c2 42000 web optional shibboleth-sp_3.2.1+dfsg1-1~bpo10+1.debian.tar.xz
 5b101a22f647c0ff7e03049e28cd0dbc 382136 debug optional libapache2-mod-shib-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 cc3d11fceeb454f20eb6633806ed26fd 83840 httpd optional libapache2-mod-shib_3.2.1+dfsg1-1~bpo10+1_i386.deb
 ca472b31e037d40563d50da5e32409c4 67376 libdevel optional libshibsp-dev_3.2.1+dfsg1-1~bpo10+1_i386.deb
 7ac3e977e8e80b77ff5f0736b5ea4722 3386248 doc optional libshibsp-doc_3.2.1+dfsg1-1~bpo10+1_all.deb
 6adc73cf69982b6ed695724a33464209 2422680 debug optional libshibsp-plugins-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 ffa01f86bfdedffba225f899d9899b69 194236 libs optional libshibsp-plugins_3.2.1+dfsg1-1~bpo10+1_i386.deb
 ae35ffd2094129e3216f28a6bb81f00b 18257980 debug optional libshibsp10-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 b7ac5979f6e06de916423c66e29c9f26 1021256 libs optional libshibsp10_3.2.1+dfsg1-1~bpo10+1_i386.deb
 b2a50ae86e9f40bebec163583d2d935b 57304 libs optional shibboleth-sp-common_3.2.1+dfsg1-1~bpo10+1_all.deb
 4dc660710109cc2108341f9aeb4a0c07 466268 debug optional shibboleth-sp-utils-dbgsym_3.2.1+dfsg1-1~bpo10+1_i386.deb
 aff23c7f1557487cb5bf21c428e34936 92948 web optional shibboleth-sp-utils_3.2.1+dfsg1-1~bpo10+1_i386.deb
 6fbfdf075bfff111a2223d0a36c1065f 13567 web optional shibboleth-sp_3.2.1+dfsg1-1~bpo10+1_i386.buildinfo
    Unverified
  • debian/3.0.4+dfsg1-1+deb10u1_bpo9+1
    439a0b05 · Update changelog for 3.0.4+dfsg1-1+deb10u1~bpo9+1 release · 
    shibboleth-sp Debian release 3.0.4+dfsg1-1+deb10u1~bpo9+1

Format: 1.8
Date: Mon, 22 Mar 2021 13:55:57 +0100
Source: shibboleth-sp
Binary: libapache2-mod-shib libshibsp8 libshibsp-plugins libshibsp-dev libshibsp-doc shibboleth-sp-common shibboleth-sp-utils libapache2-mod-shib2 shibboleth-sp2-common shibboleth-sp2-utils
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u1~bpo9+1
Distribution: stretch-backports
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libapache2-mod-shib - Federated web single sign-on system (Apache module)
 libapache2-mod-shib2 - transitional package
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp8 - Federated web single sign-on system (runtime)
 shibboleth-sp-common - Federated web single sign-on system (common files)
 shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities)
 shibboleth-sp2-common - transitional package
 shibboleth-sp2-utils - transitional package
Changes:
 shibboleth-sp (3.0.4+dfsg1-1+deb10u1~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
Checksums-Sha1:
 481f6df26611c40450d269cc057be5f95ecf53a4 3072 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.dsc
 2fd6b67f019d6e8cf1dfab2677f0cbffa70b9f96 79576 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.debian.tar.xz
 3c52475c63b45630e8f65ee34aeb1cfac744f1fa 14847 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1_amd64.buildinfo
Checksums-Sha256:
 8acea46fa92ac1bbe7f46c0969326cc13af9f6f1389a2b0d567331e54ed31e46 3072 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.dsc
 84b4d6dfbb89fc414abe4a58eaa2d543fb6acb6ed04436bee115015442fd9377 79576 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.debian.tar.xz
 763ace37109586c3bcb54d853ecd8c99855eafa1a1567820222170a1fa3ded25 14847 shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1_amd64.buildinfo
Files:
 17075173b6b162b56cfd635c5e6e06f0 3072 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.dsc
 8644ad27c1e9ea61ed9d6a5a1da30479 79576 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1.debian.tar.xz
 ccc40036861a4f8a9c93946c7182eb67 14847 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1~bpo9+1_amd64.buildinfo
    Unverified
  • debian/2.6.0+dfsg1-4+deb9u2
    2be84006 · Update changelog for 2.6.0+dfsg1-4+deb9u2 release · 
    shibboleth-sp2 Debian release 2.6.0+dfsg1-4+deb9u2

Format: 1.8
Date: Thu, 18 Mar 2021 22:30:40 +0100
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp7 libshibsp-plugins libshibsp-dev libshibsp-doc shibboleth-sp2-common shibboleth-sp2-utils
Architecture: source
Version: 2.6.0+dfsg1-4+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp7 - Federated web single sign-on system (runtime)
 shibboleth-sp2-common - Federated web single sign-on system (common files)
 shibboleth-sp2-utils - Federated web single sign-on system (daemon and utilities)
Closes: 985405
Changes:
 shibboleth-sp2 (2.6.0+dfsg1-4+deb9u2) stretch-security; urgency=high
 .
   * [9166b92] New patch: SSPCPP-922 - Add externalParameters option to Errors
     element.
     Fix a phishing vulnerability: Template generation allows external
     parameters to override placeholders
     The primitive template engine used to render error pages allows
     replacement via query parameters also, though this is not a typical
     need. Because of this feature, it's possible to cause the SP to
     display some templates containing values supplied externally by URL
     manipulation. Though the values are encoded to prevent script
     injection, the content nevertheless appears to come from the server
     and so would be interpreted as trustworthy, allowing email addresses,
     logos, or support URLs to be manipulated by an attacker.
     This update adds a new <Errors> setting to the configuration called
     externalParameters, which defaults to false. When false, support for
     this "feature" is disabled.
     https://shibboleth.net/community/advisories/secadv_20210317.txt
     https://issues.shibboleth.net/jira/browse/SSPCPP-922
     Thanks to Scott Cantor (Closes: #985405)
Checksums-Sha1:
 1c6ad8377205fbc1313b2bbd3bb5e11a2ba43ae5 2901 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.dsc
 679ec7980f198a5d2aa25f3f2a864b6a939d5dcb 83940 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.debian.tar.xz
 7141f2eba9a95a2eed561d766d7d63ac8406a34c 13471 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2_amd64.buildinfo
Checksums-Sha256:
 9c89e72f59dc8dadb12827017ed8fbfe19bba332db880fe9d4d216aac3d67051 2901 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.dsc
 6cb5e0a78d6e18c113f99718aa31b8665170c1eb6d6301e82d1fb763093048b4 83940 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.debian.tar.xz
 03ea80552ebe20d435fd085c1754e07c343c41b084c157c7586ef4803e743173 13471 shibboleth-sp2_2.6.0+dfsg1-4+deb9u2_amd64.buildinfo
Files:
 f253b52fbb3244458667aa01272dd884 2901 web extra shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.dsc
 ab005c39a6e9355d3977a0311ea4073e 83940 web extra shibboleth-sp2_2.6.0+dfsg1-4+deb9u2.debian.tar.xz
 10575078af09e4a5ee9030fb642b977c 13471 web extra shibboleth-sp2_2.6.0+dfsg1-4+deb9u2_amd64.buildinfo
    Unverified
  • debian/3.0.4+dfsg1-1+deb10u1
    abb627d5 · Update changelog for 3.0.4+dfsg1-1+deb10u1 release · 
    shibboleth-sp Debian release 3.0.4+dfsg1-1+deb10u1

Format: 1.8
Date: Wed, 17 Mar 2021 16:55:49 +0100
Source: shibboleth-sp
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 985405
Changes:
 shibboleth-sp (3.0.4+dfsg1-1+deb10u1) buster-security; urgency=high
 .
   * [594074b] New patch: SSPCPP-922 - Add externalParameters option to Errors
     element.
     Fix a phishing vulnerability: Template generation allows external
     parameters to override placeholders
     The primitive template engine used to render error pages allows
     replacement via query parameters also, though this is not a typical
     need. Because of this feature, it's possible to cause the SP to
     display some templates containing values supplied externally by URL
     manipulation. Though the values are encoded to prevent script
     injection, the content nevertheless appears to come from the server
     and so would be interpreted as trustworthy, allowing email addresses,
     logos, or support URLs to be manipulated by an attacker.
     This update adds a new <Errors> setting to the configuration called
     externalParameters, which defaults to false. When false, support for
     this "feature" is disabled.
     https://shibboleth.net/community/advisories/secadv_20210317.txt
     https://issues.shibboleth.net/jira/browse/SSPCPP-922
     Thanks to Scott Cantor (Closes: #985405)
Checksums-Sha1:
 b772eca334b15268404717420e899765f6d19d38 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u1.dsc
 41ce923aef344361e7df8f2625f31ef3d84cf85f 79324 shibboleth-sp_3.0.4+dfsg1-1+deb10u1.debian.tar.xz
 39c96065921e7df836ab8a1eab47d228f958d5a6 14092 shibboleth-sp_3.0.4+dfsg1-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 c33ef8a0c0735abe7348e9825588bba01ac62325a6dc4375be21b153b8c0fd88 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u1.dsc
 6790ac56e79c215dd38a065c94905b979185b72294d3fce2cd78ba43995831f4 79324 shibboleth-sp_3.0.4+dfsg1-1+deb10u1.debian.tar.xz
 26790f7b0aeba30cfb738ee26e739088e3e229ca306f9900ef8c5df6186f9691 14092 shibboleth-sp_3.0.4+dfsg1-1+deb10u1_amd64.buildinfo
Files:
 b2030bd2eafac8728d6aa75d9bf7eca0 3034 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1.dsc
 74d4b3c702dd8219f9f81720c7fc5bc1 79324 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1.debian.tar.xz
 15a96349848116bdb3e66e864e16fbc8 14092 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u1_amd64.buildinfo
    Unverified
  • debian/3.2.1+dfsg1-1
    dad02abc · Update changelog for 3.2.1+dfsg1-1 release · 
    shibboleth-sp Debian release 3.2.1+dfsg1-1

Format: 1.8
Date: Wed, 17 Mar 2021 14:29:08 +0100
Source: shibboleth-sp
Architecture: source
Version: 3.2.1+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Changes:
 shibboleth-sp (3.2.1+dfsg1-1) unstable; urgency=high
 .
   * [4ecfe4a] New upstream release: 3.2.1
     High urgency because it contains the fix for the phishing vulnerability
     https://shibboleth.net/community/advisories/secadv_20210317.txt.
   * [80b3470] Refresh our patches
Checksums-Sha1:
 663aa09500205db97ff41dcfed498cfb573429fd 2891 shibboleth-sp_3.2.1+dfsg1-1.dsc
 8e4abf73cc49aca38495391815d78ef8d98bb8d0 635464 shibboleth-sp_3.2.1+dfsg1.orig.tar.xz
 ea53c838085cfd6bde70fe629a80dc79fba917ce 41896 shibboleth-sp_3.2.1+dfsg1-1.debian.tar.xz
 f8d73b00312cf5ed7e1b8b6bde4ec521a3c8342d 13100 shibboleth-sp_3.2.1+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 7042c28d45f1f5eb378abae8dd1082253dad384481e98e1a5af2001cdc70d2f3 2891 shibboleth-sp_3.2.1+dfsg1-1.dsc
 300276f5c587a028c9de3f0c367ced127ecce29a11916ab87cf933a49688cb9b 635464 shibboleth-sp_3.2.1+dfsg1.orig.tar.xz
 fd9cc0e0b4534e6a285622756a4a2e544b3805b7ab0d2867c36d3baeb988da03 41896 shibboleth-sp_3.2.1+dfsg1-1.debian.tar.xz
 335602d8052dccc8c64d9c555eeef45816a1b0cd30dbc4039ea53ff377b63eff 13100 shibboleth-sp_3.2.1+dfsg1-1_amd64.buildinfo
Files:
 ac4d52b6e3a200bd10bf4754a2d28ee2 2891 web optional shibboleth-sp_3.2.1+dfsg1-1.dsc
 2ca6b4223d94ccb18fb561e93f750d47 635464 web optional shibboleth-sp_3.2.1+dfsg1.orig.tar.xz
 391fb16e669de98effa51cff7832b31b 41896 web optional shibboleth-sp_3.2.1+dfsg1-1.debian.tar.xz
 e063db88233de2d265a071127ff7d5b3 13100 web optional shibboleth-sp_3.2.1+dfsg1-1_amd64.buildinfo
    Unverified
  • upstream/3.2.1+dfsg1
    4e3ac0f5 · New upstream version 3.2.1+dfsg1 · 
    Upstream version 3.2.1+dfsg1
  • 3.2.1
    6842ae2a · SSPCPP-920 - External overrides break when custom handlers are used · 
    Tag 3.2.1 release.
    Unverified
  • debian/3.2.0+dfsg1-2
    56f6364a · Update changelog for 3.2.0+dfsg1-2 release · 
    shibboleth-sp Debian release 3.2.0+dfsg1-2

Format: 1.8
Date: Wed, 06 Jan 2021 14:18:54 +0100
Source: shibboleth-sp
Architecture: source
Version: 3.2.0+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Changes:
 shibboleth-sp (3.2.0+dfsg1-2) unstable; urgency=medium
 .
   * [84158eb] Revert "New patch: Require XMLTooling and OpenSAML 3.2 via pkg
     config as well"
     This reverts commit 431b176b3127bb0b0ebfb9621a798facec24cce3.
     According to upstream there's no real build requirement here.
   * Upload to unstable
Checksums-Sha1:
 efc8eea73fcd0c2f66e7ca841a8bd5ada93eefa6 2891 shibboleth-sp_3.2.0+dfsg1-2.dsc
 ad99e6b4ea7d774caf563ead5efb707f6585ec52 41836 shibboleth-sp_3.2.0+dfsg1-2.debian.tar.xz
 6c43a2f8bcdbe36ad3dedf1c769915f0d4c383e7 13142 shibboleth-sp_3.2.0+dfsg1-2_amd64.buildinfo
Checksums-Sha256:
 a533c31a06ccb2365695e9a9c1716a76939814180dcd408eaff566c794944c92 2891 shibboleth-sp_3.2.0+dfsg1-2.dsc
 9fa1628a100faa4875eaa76503df52851d984834aff32ccc2de6b564c57294be 41836 shibboleth-sp_3.2.0+dfsg1-2.debian.tar.xz
 a57641686e222c5e54b92988497abc6fd5522342ec8c67a3c675ba72c1d9ddb6 13142 shibboleth-sp_3.2.0+dfsg1-2_amd64.buildinfo
Files:
 aeb83c7efacc28c6ddfa93b916bcee54 2891 web optional shibboleth-sp_3.2.0+dfsg1-2.dsc
 f11516770682ceece23c2e82fb360a8c 41836 web optional shibboleth-sp_3.2.0+dfsg1-2.debian.tar.xz
 171cf185a1ef4a2c1954fb2324606984 13142 web optional shibboleth-sp_3.2.0+dfsg1-2_amd64.buildinfo
    Unverified
  • debian/3.2.0+dfsg1-1
    8e49c6cd · Update changelog for 3.2.0+dfsg1-1 release · 
    shibboleth-sp Debian release 3.2.0+dfsg1-1

Format: 1.8
Date: Sun, 27 Dec 2020 22:13:32 +0100
Source: shibboleth-sp
Binary: libapache2-mod-shib libapache2-mod-shib-dbgsym libshibsp-dev libshibsp-doc libshibsp-plugins libshibsp-plugins-dbgsym libshibsp10 libshibsp10-dbgsym shibboleth-sp-common shibboleth-sp-utils shibboleth-sp-utils-dbgsym
Architecture: source i386 all
Version: 3.2.0+dfsg1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@alioth-lists.debian.net>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libapache2-mod-shib - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp-plugins - Federated web single sign-on system (plugins)
 libshibsp10 - Federated web single sign-on system (runtime)
 shibboleth-sp-common - Federated web single sign-on system (common files)
 shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities)
Changes:
 shibboleth-sp (3.2.0+dfsg1-1) experimental; urgency=medium
 .
   * [6af8bd7] Bump watch file format version to 4
   * [ce7b33d] New upstream release: 3.2.0
   * [4a6d968] Delete upstream patch, refresh the rest
   * [431b176] New patch: Require XMLTooling and OpenSAML 3.2 via pkg config as
     well
   * [20a1f52] Depend on XMLTooling and OpenSAML 3.2
   * [3d4409a] Rename library package for upstream SONAME bump
   * [54cf316] Update Standards-Version to 4.5.1 (no changes required)
Checksums-Sha1:
 9de2ab33e0928d1dfdab18ab0a2c49f3f7ffe1d6 2891 shibboleth-sp_3.2.0+dfsg1-1.dsc
 e4b0be203991f9ad8c110182f89c678385c409f0 635136 shibboleth-sp_3.2.0+dfsg1.orig.tar.xz
 00f05374484a1c07ab58406bb1ee0b699a758802 42016 shibboleth-sp_3.2.0+dfsg1-1.debian.tar.xz
 7bc32c2b6d690cf8be4919d08758eefaff7bdaf1 388404 libapache2-mod-shib-dbgsym_3.2.0+dfsg1-1_i386.deb
 409f4819e4735c63e43a9e876f72cbc390dd69f9 84580 libapache2-mod-shib_3.2.0+dfsg1-1_i386.deb
 c16af027e5975c24709aa80a8143837cbac02605 67108 libshibsp-dev_3.2.0+dfsg1-1_i386.deb
 f2cf659dd18dd2ce2ebe24c23a88641e7b8bcfd3 3339068 libshibsp-doc_3.2.0+dfsg1-1_all.deb
 2b62f83360aa20cf8d568796484a902b3e9a12fb 2113304 libshibsp-plugins-dbgsym_3.2.0+dfsg1-1_i386.deb
 6e5172ef16dcfcf7858eefcd444b7a9f014ba867 194956 libshibsp-plugins_3.2.0+dfsg1-1_i386.deb
 1c62e1c8a3a118cd4bde4ee487c3470c499f156c 17638300 libshibsp10-dbgsym_3.2.0+dfsg1-1_i386.deb
 d6ef98d59cc5d365b7c7c400694fbfbea341028a 1054740 libshibsp10_3.2.0+dfsg1-1_i386.deb
 71e78345e9c913a5b1eb16137907125c2a2188a5 56964 shibboleth-sp-common_3.2.0+dfsg1-1_all.deb
 c6bf7815f075e3213ee5d5e237867d29b974a13e 395632 shibboleth-sp-utils-dbgsym_3.2.0+dfsg1-1_i386.deb
 d64a6fdc888b65f3e8fc090cd5347bdda9395824 94680 shibboleth-sp-utils_3.2.0+dfsg1-1_i386.deb
 54a9cc783aac4bcbb22b46f4554676a51da411fc 13141 shibboleth-sp_3.2.0+dfsg1-1_i386.buildinfo
Checksums-Sha256:
 a10643ab145c5431d961b11d596b6190a6bffc0271486e6306da1462f3efedbe 2891 shibboleth-sp_3.2.0+dfsg1-1.dsc
 67675167506d34821451036dbd54fefbf3568038c769a732cdf67ce5211a5585 635136 shibboleth-sp_3.2.0+dfsg1.orig.tar.xz
 bc3942f12b0ea9a83248b119f81239493ac8d3f902f62a65bed644b189509cf1 42016 shibboleth-sp_3.2.0+dfsg1-1.debian.tar.xz
 2003e5909bb33a85e6dacdff6830c52e8a3528f85744cdf1c649ed2ce138f3f9 388404 libapache2-mod-shib-dbgsym_3.2.0+dfsg1-1_i386.deb
 f5558f64d1fb9c7ec9960480b7c267b68bb553bed709da11926ef9716e55e36c 84580 libapache2-mod-shib_3.2.0+dfsg1-1_i386.deb
 4915a3a381fbba9e9fdff9cfb0e0d79444d25c8b0325edcc5f254fab3c6e94a8 67108 libshibsp-dev_3.2.0+dfsg1-1_i386.deb
 0c27cd00777f9b21f833e836c5f9447716bbb82fbb716c92c8bbf749f699ad28 3339068 libshibsp-doc_3.2.0+dfsg1-1_all.deb
 fb637f9b486a002974674b31d3ee9267e17042cfa3b8f43582dee697b42347bc 2113304 libshibsp-plugins-dbgsym_3.2.0+dfsg1-1_i386.deb
 ae323d259e66192d974261ae04445b963a6fb14ffe2d47bc5b9fe4d42796cdd0 194956 libshibsp-plugins_3.2.0+dfsg1-1_i386.deb
 207969b39c6dc4c5c60263f1edda5bf0ebb706ab005af62f9bef6bcd7efbb053 17638300 libshibsp10-dbgsym_3.2.0+dfsg1-1_i386.deb
 ea5f23f854a52f358a3e4bb1647f2f6f42ffb2f0bb25576f5bc372fde5fd456c 1054740 libshibsp10_3.2.0+dfsg1-1_i386.deb
 61e2fe611028247bb2166e80429af021da989e62666e9e6fcfafdc10806ad1ca 56964 shibboleth-sp-common_3.2.0+dfsg1-1_all.deb
 1c9a6e7cdbf555c199b203582ac8f9ce1e59882026979ce4cd159d568002f941 395632 shibboleth-sp-utils-dbgsym_3.2.0+dfsg1-1_i386.deb
 e44b8463309f5043abf928d3ce2119b17334ba3402bd73db4b12af8147b40a83 94680 shibboleth-sp-utils_3.2.0+dfsg1-1_i386.deb
 1d0ada83d5bf5804a01e0665784b47946220bbcf340c31c933276696d5bf2822 13141 shibboleth-sp_3.2.0+dfsg1-1_i386.buildinfo
Files:
 eec817ac84ae4ff64725651c66b537f0 2891 web optional shibboleth-sp_3.2.0+dfsg1-1.dsc
 7ecfbef90da10bcbed14a24b55ca3651 635136 web optional shibboleth-sp_3.2.0+dfsg1.orig.tar.xz
 193b9d81df886b7499496b1ff58da5ee 42016 web optional shibboleth-sp_3.2.0+dfsg1-1.debian.tar.xz
 806e4e68da2c54ea304aee44af05bd27 388404 debug optional libapache2-mod-shib-dbgsym_3.2.0+dfsg1-1_i386.deb
 d5acc91a8857fc70ed881f0ff09da908 84580 httpd optional libapache2-mod-shib_3.2.0+dfsg1-1_i386.deb
 5f0ec2da134efca7bb86a9cce9b0a44c 67108 libdevel optional libshibsp-dev_3.2.0+dfsg1-1_i386.deb
 ecdccf2a41dfb810fbcdc41dd12f2aee 3339068 doc optional libshibsp-doc_3.2.0+dfsg1-1_all.deb
 00eabafdc067f165b60165cbc81c141f 2113304 debug optional libshibsp-plugins-dbgsym_3.2.0+dfsg1-1_i386.deb
 736de4a062192408cbf50c4227390dd7 194956 libs optional libshibsp-plugins_3.2.0+dfsg1-1_i386.deb
 7d9339dc8b09baaf7c03876e483bb8f1 17638300 debug optional libshibsp10-dbgsym_3.2.0+dfsg1-1_i386.deb
 03939feb4903fccd9760ad15140b5b13 1054740 libs optional libshibsp10_3.2.0+dfsg1-1_i386.deb
 8774287d0286337b620432846aff4e54 56964 libs optional shibboleth-sp-common_3.2.0+dfsg1-1_all.deb
 c4a2ecde78ea7beba6b9284300aedea6 395632 debug optional shibboleth-sp-utils-dbgsym_3.2.0+dfsg1-1_i386.deb
 1ce65fb2c0f45f32e88b14604f0358a7 94680 web optional shibboleth-sp-utils_3.2.0+dfsg1-1_i386.deb
 faa43439667d50c3c5be12d763d1a4de 13141 web optional shibboleth-sp_3.2.0+dfsg1-1_i386.buildinfo
    Unverified
  • upstream/3.2.0+dfsg1
    5b81a185 · New upstream version 3.2.0+dfsg1 · 
    Upstream version 3.2.0+dfsg1
  • 3.2.0
    6d543032 · SSPCPP-916 - Recreating MDQ cache directory fails with warning · 
    Tag 3.2.0
    Unverified