[Secure-testing-team] Bug#780383: libopensaml2-java: CVE-2015-1796
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 13 07:23:16 UTC 2015
Source: libopensaml2-java
Version: 2.6.2-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for libopensaml2-java. Note
that I don't know libopensaml2-java well enough, so could you assess
if this affeccts Debian as well, and if the severity is approriate (if
not please feel free to downgrade it). Information follows:
CVE-2015-1796[0]:
PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-1796
[1] http://shibboleth.net/community/advisories/secadv_20150225.txt
Regards,
Salvatore
More information about the Secure-testing-team
mailing list