-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : shibboleth-sp Version : 3.2.2+dfsg1-1+deb11u1 CVE ID : CVE-2025-9943 Debian Bug : 1114506 Florian Stuhlmann discovered a SQL vulnerability in the ODBC plugin in the Shibboleth Service Provider which may result in information leak. For Debian 11 bullseye, this problem has been fixed in version 3.2.2+dfsg1-1+deb11u1. We recommend that you upgrade your shibboleth-sp packages. For the detailed security status of shibboleth-sp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/shibboleth-sp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmjHK6YACgkQADoaLapB CF/NrQ/9EZLrDqNBvFbMppU+7LIyiaGCP4K+9D134myIxm9vkWrmZ+kmoV8vjaOq AZXBqp8JiBO/hqAlO8z+SSnRsSH5kja+5VdNWvTiBZnOP4Gw6Qv5nUlwiaHnBQ2G mO0I72rfAl7c2QaL03yTiRc+iPPjxiJgCncTpss6JxWzfPwY7GdEMOd3lCOx6TJy GghFPUBLUrVpoZoiVFMr4fdmmw1JcwyMjJCBPO08I1pF93QIxJodiw2wVM3VLwnD YVapWPN1zoc+5MiI24xiDLoBQfUVPvjzhaoSYJ4DsiTVIiScdXg9pOThdyWz7hxk wYLZFKJcOc/di7iCDtcjCcAJOk+nisUwCOAevX4yVgA5lZCQc3RwjTDbI170kIH0 bc4yArpO2HCx2LENdVm0P3cs9d1y14ZJPkCCT8CGLgGJgbdbevycqCIxGJ4VSsfb ljdxnXat+Prk2Czy5WRgl8cN2ud3AhUUnkNrmLj1inrPi4Xw1tDSMNLBlp4GWvMY tGpJ8Wmzna7bI41X3IF9spTeT/oXpRA3Ze3iK+XBehbDkL9WEuRH9/7qSt0Lx5h9 SbNRzqMKwu17KL+w1w+4NtJ8kTUEIyvbb9MrXTpbjHSb+wzNNb4YAUSi2SobnxBb X1/vA2nYqPdI7rl00YW2b2/bhdP2YVs08uOMlVAxaPqjnqci0XI= =UNnW -----END PGP SIGNATURE-----
