Accepted shibboleth-sp 3.0.4+dfsg1-1+deb10u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 26 Apr 2021 15:37:15 +0200
Source: shibboleth-sp
Architecture: source
Version: 3.0.4+dfsg1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 987608
Changes:
shibboleth-sp (3.0.4+dfsg1-1+deb10u2) buster-security; urgency=high
.
* [2dd45b3] New patch: SSPCPP-927 - Check for missing DataSealer during
  cookie recovery.
  Fix a denial of service vulnerability: Session recovery feature contains
  a null pointer dereference
  The cookie-based session recovery feature added in V3.0 contains a
  flaw that is exploitable on systems *not* using the feature if a
  specially crafted cookie is supplied.
  This manifests as a crash in the shibd daemon.
  Because it is very simple to trigger this condition remotely, it
  results in a potential denial of service condition exploitable by
  a remote, unauthenticated attacker.
  Thanks to Scott Cantor (Closes: #987608)
Checksums-Sha1:
aa91efd3b9c6f26b0ad95dfae340a49f41e8923c 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
936ea173fc1b0c9998f657b897650b9f7fdd84d1 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
d74e5e9b65ef48c88c4294cf5a0d0ece4da1667c 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
82ce3e5b624c34754807c76a70fc5549dc535e9c5d01af396b76966d9f9cf39d 3034 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
01a3257b10e940430af70754daeccc29c08c091ae04a1fd519ff67cefb83b878 79896 shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
74fdf85b4918fd5867fc5c858dd13c222327ca9dda34ed8901c1187ff07c0d56 14116 shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Files:
f74cbb538977ef3921821dd62ca772df 3034 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.dsc
2cf9a7879a9838f4cdf8f0d023e957c4 79896 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2.debian.tar.xz
22afb3d6e117204e01b703a96a5750d2 14116 web optional shibboleth-sp_3.0.4+dfsg1-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----