Shibboleth Security Advisory [25 July 2011]

Bug #816315 reported by John Cooper
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
opensaml2 (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Medium | Unassigned |
Maverick | Fix Released | Medium | Unassigned |
Natty | Won't Fix | Medium | Unassigned |
Oneiric | Fix Released | Undecided | Unassigned |

Bug Description

There has been a security advisory in OpenSAML2 allowing unauthenticated logins.

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

John Cooper (choffee) wrote :
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

visibility: private → public
Changed in opensaml2 (Ubuntu Oneiric):
status: New → Invalid
Changed in opensaml2 (Ubuntu Natty):
status: New → Confirmed
Changed in opensaml2 (Ubuntu Maverick):
status: New → Fix Released
Changed in opensaml2 (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in opensaml2 (Ubuntu Natty):
importance: Undecided → Medium
Changed in opensaml2 (Ubuntu Maverick):
importance: Undecided → Medium
Marc Deslauriers (mdeslaur) wrote :

FYI, a fix for lucid was contributed in bug #817199. An update will be published for lucid today. Marking lucid task as fix released.

Changed in opensaml2 (Ubuntu Lucid):
status: Confirmed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against natty is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in opensaml2 (Ubuntu Natty):
status: Confirmed → Won't Fix
Mathew Hodson (mhodson)
Changed in opensaml2 (Ubuntu):
status: Invalid → Fix Released
Changed in opensaml2 (Ubuntu Oneiric):
status: Invalid → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
