-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-5879-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
March 16, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : opensaml
CVE ID : not yet available

Alexander Tan discovered that the OpenSAML C++ library was susceptible
to forging of signed SAML messages. For additional details please refer
to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20250313.txt

For the stable distribution (bookworm), this problem has been fixed in
version 3.2.1-3+deb12u1.

We recommend that you upgrade your opensaml packages.

For the detailed security status of opensaml please refer to
its security tracker page at: https://security-tracker.debian.org/tracker/opensaml

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmfXICAACgkQEMKTtsN8 TjZmyg/9H263wYNCU3wtNVSqbeZzirWnsLWj2EE9RBFIlN0eCanhF7P9seZ37dy5 VXPc/rLNY+WQWnuypz8Rz7c24znrmygRS7b0FXRN5mTGS5jd6fH+StzcMvSYVTps JZYHvqjd0Fz6IQUjoch+kVPLwDtIH7qMQ1ClKbXRUhXtnn2W72hvrvczmWsHP0e3 zVih4LA22/XOsNsbpEFWNQx9VBbANRl/fMpOsvcpvPW8DaQZ7rzcYCCCXzODv9Rd S7aGCh8hoj3ZZ0vEuYXmdO+0HS270AgH+n57NFd5anrHdMwRFYow/zTFKjhEveqz kd8xEbF5W2sN8wSYo9lKCqxh2T2waLTbQXsLkD0iMnhaC+pvWwkvcUDcCygIj3S9 t5A+ezSRM1jIwSmU9unU3FoUF/5h4UaoQw171GsQj939Z3YLei83DSMuOsG3gQ0S uc0P4Rs4mUAE6ZQtJxz3DR4u07Pn7fatUVBJTmgUxioR2/Wxy9OWXVb3mW5AZEzy GsE4/1CbwQU84GZhweJ2fer6Ack9/bmVBL0VBcDG7JDMb3ZPj7FIwsoRCz82s1AT TitGr50EyOMQjGikwiAvDEDZjer2wa/clkgOU5og10e7PfYgQliTE7/AXlI5Kpn0 UxFEQDOTjFMiZKKv6j0VAz+ScVXpj44R/lxLByKVCq/SCZaIygc=
=psIo
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)