-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2599-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 19, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : shibboleth-sp2 Version : 2.6.0+dfsg1-4+deb9u2 CVE ID : not yet available Debian Bug : 985405 Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks. For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20210317.txt For Debian 9 stretch, this problem has been fixed in version 2.6.0+dfsg1-4+deb9u2. We recommend that you upgrade your shibboleth-sp2 packages. For the detailed security status of shibboleth-sp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/shibboleth-sp2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBT3hwACgkQgj6WdgbD S5Z1tw/9GKE6ptM+ZVOzgspwoYw+ga4DdMepDqCRvFc02SOcrz+qyFM53FuzngZ9 v44iPDVfh6qEIVinhNXk2Kc67EQEFsWXGW0382rSSiX52kehSd5W+yfSQVEvrnXN /1wv3Iv3v1ae7liFPpI+74mwZTK6m5QulDXPJek1FBxeY8xaAfkjzLqgNdtgYibv eWGZ4P4Rte//xdkolnPzvqyOCFYBOKto9hQYJgz7zmVWTy5dW3V83c9OT1N7DgTW Vei+bAtTU1SIpCdm7B032tzOMC3Vl0pmgE09Hzkf+mEIEglNW45dxhIyF8BXY+QS wPCuQZ/GKWYyMgHLpEdXi1CXTFB9hIXWHYgavroKdDiVXypv9SNZjdYTgyLfQUZz iW8nCMgmWiJp9V1Xd4ZsK8THjIdbwckLhPaUW6CPVj7c9i/xiO7DX1bhb0Ncp+EC 17bq+2P00RQndXBPLu7KY/JqRxaZ5xWFbvIhZNyvBE20XYm4mVLXPwUcrDRxsf2v zZR8ilqYu9EQEZtsU87VzCfr3a+BrQ69/NOjvCayfKF2ezHp20jatb/IQlcelG/B 6l9JSLrSsurOciudWsOZzKGxOHzmtgLveqXiUh/hgl8eIm4UeWkI/tAr7BwMTbYP 2lrKxmYTCJ9YP1NiU1cH/4KlwZbLZ2QBYAlohiNVD3jCxka2uCY= =s8XL -----END PGP SIGNATURE-----
