-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Sep 2025 11:46:12 +0200 Source: shibboleth-sp Binary: libapache2-mod-shib libapache2-mod-shib-dbgsym libshibsp-dev libshibsp-plugins libshibsp-plugins-dbgsym libshibsp12 libshibsp12-dbgsym shibboleth-sp-utils shibboleth-sp-utils-dbgsym Architecture: riscv64 Version: 3.5.0+dfsg-2+deb13u1 Distribution: trixie-security Urgency: high Maintainer: riscv64 Build Daemon (rv-manda-02) Changed-By: Ferenc Wágner Description: libapache2-mod-shib - Federated web single sign-on system (Apache module) libshibsp-dev - Federated web single sign-on system (development) libshibsp-plugins - Federated web single sign-on system (plugins) libshibsp12 - Federated web single sign-on system (runtime) shibboleth-sp-utils - Federated web single sign-on system (daemon and utilities) Closes: 1114506 Changes: shibboleth-sp (3.5.0+dfsg-2+deb13u1) trixie-security; urgency=high . * [627cc27] New patch: SSPCPP-1014 - Extend escaping in strings. Fix SQL injection vulnerability in Service Provider ODBC plugin: specially crafted inputs can exfiltrate information stored in the database used by the SP. The vulnerability is moderate to high severity for anyone using the ODBC plugin, and of no impact for others. Thanks to Scott Cantor (Closes: #1114506) Checksums-Sha1: 4bfa66bc01676121d5e51860e596cfc3fcdaf0c7 320012 libapache2-mod-shib-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 1c1fdec48ac93787b54277202f5817e5a4e02d58 65260 libapache2-mod-shib_3.5.0+dfsg-2+deb13u1_riscv64.deb 466a07448fa720e60177bff60d1ce07c97399757 54688 libshibsp-dev_3.5.0+dfsg-2+deb13u1_riscv64.deb 6bfefbf64fae76eba76a921ddb3515eb806e9466 1815708 libshibsp-plugins-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 0ef887776f956d8284506651e222a65d4eeb754c 171708 libshibsp-plugins_3.5.0+dfsg-2+deb13u1_riscv64.deb d9902c09d021fe81c4b519a781394ffebed4c8e5 15277504 libshibsp12-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb c29d441e9f8583bca4fe5f05c7c8e1a00ba898ee 979512 libshibsp12_3.5.0+dfsg-2+deb13u1_riscv64.deb 571b5ebe64f8722a48cc91359f79f9d1150f34d3 380084 shibboleth-sp-utils-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb d61d9ad7c780fd42ec5991615446d5dfc0853c40 78696 shibboleth-sp-utils_3.5.0+dfsg-2+deb13u1_riscv64.deb e5f47084da5c37431a9a2597702df826b5903bf7 11958 shibboleth-sp_3.5.0+dfsg-2+deb13u1_riscv64-buildd.buildinfo Checksums-Sha256: 4137ab45e5559719fe79b29c0c2046e6faf5f1d59d425a9aa08aa89b4f324e95 320012 libapache2-mod-shib-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 4696084eb0ed3068bcd1367dda33ea0865010e998a6703ba059cad260023c8df 65260 libapache2-mod-shib_3.5.0+dfsg-2+deb13u1_riscv64.deb 188a793e76f682ced1f4de02aae465e84d151cf3f3ac25ec449a06171d834ca0 54688 libshibsp-dev_3.5.0+dfsg-2+deb13u1_riscv64.deb 30c97a73176d0a193afbcdc464bc633e9ad8a5794b384f9526b4676292536079 1815708 libshibsp-plugins-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 1dbf8d159cd0b3cf878570b7bbe22615118bba9b206acb47f29e0bfd07cb1022 171708 libshibsp-plugins_3.5.0+dfsg-2+deb13u1_riscv64.deb 8556ea0b29110aad3da940bfc302cedfccacb2a0071c798179d89d0e71593edf 15277504 libshibsp12-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb c30788232ed4aef00d2e54e7f06229d4c7f6b1423af34189d2532d6f6d685714 979512 libshibsp12_3.5.0+dfsg-2+deb13u1_riscv64.deb 03666b044d3b02e293ffe45e5051b06d21decb5c31cd9f2671d7e3357ddaca8a 380084 shibboleth-sp-utils-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb ac163e35392dd159171d0d90498c6da622fbb889d95ee83463639952c1e54cbc 78696 shibboleth-sp-utils_3.5.0+dfsg-2+deb13u1_riscv64.deb 4bc66eb313ba8adcb8cd0a6d63e1e9b17d203879ef95d3365167e513c4970817 11958 shibboleth-sp_3.5.0+dfsg-2+deb13u1_riscv64-buildd.buildinfo Files: bb4588e9a7d787c40a46ac492c6dbac1 320012 debug optional libapache2-mod-shib-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb d20766df2eaf11922f2d820844de06ea 65260 httpd optional libapache2-mod-shib_3.5.0+dfsg-2+deb13u1_riscv64.deb f7cc79341b63b68fdc4eac93bbf58fa9 54688 libdevel optional libshibsp-dev_3.5.0+dfsg-2+deb13u1_riscv64.deb f02bbb0133ad6aae9abd6087e3372cef 1815708 debug optional libshibsp-plugins-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 83036598f8a11acdeff7d83e3cf0236d 171708 libs optional libshibsp-plugins_3.5.0+dfsg-2+deb13u1_riscv64.deb aa02c683001706b7796b6a415d479e36 15277504 debug optional libshibsp12-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 8a4530929049a7cb3ed9118b925d5bbd 979512 libs optional libshibsp12_3.5.0+dfsg-2+deb13u1_riscv64.deb 50a7b4b1af2b5fe79e61135a69558ef9 380084 debug optional shibboleth-sp-utils-dbgsym_3.5.0+dfsg-2+deb13u1_riscv64.deb 3d678b1343e218829bc259f6a110d94a 78696 web optional shibboleth-sp-utils_3.5.0+dfsg-2+deb13u1_riscv64.deb f316ef02e764d3e9a50bac1618378c5b 11958 web optional shibboleth-sp_3.5.0+dfsg-2+deb13u1_riscv64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZCNWv4o0aFus/QQ2Z6fAiwS3UMEFAmi8kFYACgkQZ6fAiwS3 UMHeRw//ROJvX/RS9654YelP5d5yLRqlzkooS0540o31rUMNS8ltJFwRas23P54Z NVdpwt/m80TW+IBDL5qJu8IOdZLhrC9QDWQjSi3WXuufAQkfn2FH617oA02OTswe STK4qpZYY6lIhj3/UO+Cc8ZWybyKES7hyizdt3iBP895fcbg5+z9XkhMxGeCbdeY 1mbT8CjsJpdlzVFcsg2DIUsXxRw+1LBhRvRFyRxAZ20kAb6HiVKOhr/qpe+blz0J Ko2o05Wcm4d8RJz+rUgb6Nme3hZBfxUwzDiLiINQi9OQVMAcpC/IdDhOyQMtbVoZ jLwa60T/kPpfrTO4A21sthNi84hslKimtXh8yUcSKhaWLpqNut77kh+OSVfAlzNV 35DQ/Sc2OsUOHsmvTBL5wLsN8ZU4y5qRNH6cnoqo+kKyMfYWUwPowYI0O6Pn7VAD g8ia3NYSbNEZybRBZv7ZXXB11XjYJzF/hfttooZy2bwlPg7CFHtQvMvr1FDeVf92 GQjHfUOyGN7fgYd0izCOMjgy5S9cBUQiRpUmgFaZIlnqzX0kq6+PegMuGMQt7nJH eISGFspim/GDskxz5yJX6QbUepuTyjMLGEjj0fXr7/j39ep6SxUDoS+KmsTOq5WT V1ajZZ6uENUMZ//jqWzhxvDdp8m+Vmmr2pNzRSuS8LQ8sOduAXE= =WhKH -----END PGP SIGNATURE-----