Information on source package shibboleth-sp2

Available versions

ReleaseVersion
jessie2.5.3+dfsg-2+deb8u2
stretch2.6.0+dfsg1-4+deb9u2

Resolved issues

BugDescription
CVE-2021-28963Shibboleth Service Provider before 3.2.1 allows content injection beca ...
CVE-2017-16852shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataPro ...
CVE-2015-2684Shibboleth Service Provider (SP) before 2.5.4 allows remote authentica ...
CVE-2010-2450The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/s ...
CVE-2009-3476Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibbole ...
CVE-2009-3475Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...
CVE-2009-3474OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...
CVE-2009-3300Multiple cross-site scripting (XSS) vulnerabilities in the Identity Pr ...

Security announcements

DSA / DLADescription
ELA-385-1shibboleth-sp2 - security update
DLA-2599-1shibboleth-sp2 - security update
DLA-1179-1shibboleth-sp2 - security update
DSA-4038-1shibboleth-sp2 - security update
DLA-259-1shibboleth-sp2 - security update
DSA-3207-1shibboleth-sp2 - security update
DSA-1947-1opensaml2 shibboleth-sp shibboleth-sp2 - cross-site scripting
DSA-1895-2opensaml2, shibboleth-sp2 - interpretation conflict
Search for package or bug name: Reporting problems