-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Sep 2025 11:46:12 +0200 Source: shibboleth-sp Binary: libapache2-mod-shib libapache2-mod-shib-dbgsym libshibsp-dev libshibsp-plugins libshibsp-plugins-dbgsym libshibsp12 libshibsp12-dbgsym shibboleth-sp-utils shibboleth-sp-utils-dbgsym Architecture: i386 Version: 3.5.0+dfsg-2+deb13u1 Distribution: trixie-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Ferenc Wágner Description: libapache2-mod-shib - Federated web single sign-on system (Apache module) libshibsp-dev - Federated web single sign-on system (development) libshibsp-plugins - Federated web single sign-on system (plugins) libshibsp12 - Federated web single sign-on system (runtime) shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities) Closes: 1114506 Changes: shibboleth-sp (3.5.0+dfsg-2+deb13u1) trixie-security; urgency=high . * [627cc27] New patch: SSPCPP-1014 - Extend escaping in strings. Fix SQL injection vulnerability in Service Provider ODBC plugin: specially crafted inputs can exfiltrate information stored in the database used by the SP. The vulnerability is moderate to high severity for anyone using the ODBC plugin, and of no impact for others. Thanks to Scott Cantor (Closes: #1114506) Checksums-Sha1: 587ee369a8ba910a8237078b6b4076f0addbc298 392652 libapache2-mod-shib-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb aaa0942f986ea58563d60f61e2a657557d874574 70452 libapache2-mod-shib_3.5.0+dfsg-2+deb13u1_i386.deb 99d8997bd41c255731696ef5a6176f155e075536 54700 libshibsp-dev_3.5.0+dfsg-2+deb13u1_i386.deb fd72920dce5baab8f11410fac21db7e9157a5352 2392868 libshibsp-plugins-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb a0f2afadd2cef31615c50c00f2111fa584f3bf99 193816 libshibsp-plugins_3.5.0+dfsg-2+deb13u1_i386.deb 610486e1c4aadd01f30815ac4c983ff96bc143b8 21011184 libshibsp12-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb 760f833220be2af20341b8f1176ccbf64893ef9d 1113908 libshibsp12_3.5.0+dfsg-2+deb13u1_i386.deb 242f85d82acde3cb66b3e356497cd1530ab6e54b 453472 shibboleth-sp-utils-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb add7f5def2da1b856492e3f485dbebdcfd1c2d7c 81296 shibboleth-sp-utils_3.5.0+dfsg-2+deb13u1_i386.deb 787e61344b440ec13237bca3fdd63b55a0461c7c 11847 shibboleth-sp_3.5.0+dfsg-2+deb13u1_i386-buildd.buildinfo Checksums-Sha256: faf1e7c85dc3b16a94c29682bc5573529202072c1ce054170ad49bdb9567caa8 392652 libapache2-mod-shib-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb cc7ba9cd428d769bdc70396e5effdbbcbfcc1231f7b81eaec0ddca9b0b7edb88 70452 libapache2-mod-shib_3.5.0+dfsg-2+deb13u1_i386.deb 79d86f1ec95fb4b27f24333cb09a88b102b6113a8d1ae0eb7c62ada762fabec0 54700 libshibsp-dev_3.5.0+dfsg-2+deb13u1_i386.deb b5cea582a8622279777dab4a696ef21c881977ef1353926ddee2ae7bc6deaedb 2392868 libshibsp-plugins-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb 1553f01385e0da3d5bf0ceef6f943ab6f2ade894ac879a1bfd51167175ca4abc 193816 libshibsp-plugins_3.5.0+dfsg-2+deb13u1_i386.deb 588cd0a001abea78cfae0ac2e03107e96d0b1826566121c9a7a88eac932ba606 21011184 libshibsp12-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb d88d2bc9064cda3c815d2f6f3ee3fd57f473e91d9d3cf61eb11099ef1563d976 1113908 libshibsp12_3.5.0+dfsg-2+deb13u1_i386.deb 41257968b71793826e13ce2ec8811a743cc2c1118fc55e0e9aac37359de8024a 453472 shibboleth-sp-utils-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb 1e1104208045a97bc47a74767f56d0c74c42702a2baf3ffe359577e741111157 81296 shibboleth-sp-utils_3.5.0+dfsg-2+deb13u1_i386.deb a8db34b19176b692c5275210694e06d93bd649da57771e29bbf5485ea07e4b1c 11847 shibboleth-sp_3.5.0+dfsg-2+deb13u1_i386-buildd.buildinfo Files: 3b26f3de96dd649d64de93babcf16778 392652 debug optional libapache2-mod-shib-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb abbadd5b25fda27f37778d28e5fe02d3 70452 httpd optional libapache2-mod-shib_3.5.0+dfsg-2+deb13u1_i386.deb fd2b9d3bfd8ba322947ea4a25b01df6d 54700 libdevel optional libshibsp-dev_3.5.0+dfsg-2+deb13u1_i386.deb 469d63c3596127fcd7fd3ac982df2d1d 2392868 debug optional libshibsp-plugins-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb e3eb7dbdcf011b4f78d7b1ac8f781aec 193816 libs optional libshibsp-plugins_3.5.0+dfsg-2+deb13u1_i386.deb 08495849bf72d70d6558133205810956 21011184 debug optional libshibsp12-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb a3ce24f027111c16cc2096874abf0d3b 1113908 libs optional libshibsp12_3.5.0+dfsg-2+deb13u1_i386.deb 15765151d8344248d2569a933a29cae5 453472 debug optional shibboleth-sp-utils-dbgsym_3.5.0+dfsg-2+deb13u1_i386.deb 893786515c43d0684d3f66d0c0dc51ce 81296 web optional shibboleth-sp-utils_3.5.0+dfsg-2+deb13u1_i386.deb 71c04137f6d31df704a723186794580e 11847 web optional shibboleth-sp_3.5.0+dfsg-2+deb13u1_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmi8h3cACgkQ8IREj/cR iTPzwA//RdI/Qufj4YmdGsg8HtHStcgqf3d/TAO5t5zfiq0FApw5FvGNZrz6tx1l gF+HrPPtAdyaF5aDro9xPXnIB2ZPg5RrKOwDGwBK0F4W7/XJUgiju54T9WlvqoVW TknXO+U4/YOLIkG4vrjuDT2bufmOsFcybcDUrEEAXNSr6EJkwgHSp8cIgYDx0S0T FHVkHgni7Ns7gA/TlPEMKVn3B8M6iOBnalahLkMDLdKTvUOnpPanq/33s6RIJjKl jb3atdNwnqmIwfu1BZ5t2PSJlROllm0fWTYhLAkgSJXz6iG5MrSuhmz7YdL6cHxG hJGAaEVEThH06U5sFOva9qfuTnoIj8LL1srlXIebC32OpS6l3gYyUSZcxNwQ3uY/ KAryc++2e152Udww3H9ihS+AMNkchG4MYVZCDfORUXecbblOcSbjqDPdELIPaH++ ew+V4yRh9EgqBhlOtvH5CSfB+Vm7wcRU1uTiWxYq19jeapeuTnAjwJQGCCgo1x+6 myXiDPM5ed+tZXvhI7FR/Ol5mKeU+xA3nlcM0CrYX6OJ3zBc2IXVjQHW70Xt/Tc0 o56wrdDNj73ws0xSx0SCkJNgcD8nzbe7DZhiauhRvafY502VEfIYUDmH4bmU5TVJ Ev9Dml7/ohs7OKosfCxWQA1mp3zAT79KKLv0gJ5Hbpf5q5tPYlA= =X021 -----END PGP SIGNATURE-----