diff options
| author | girgen <girgen@FreeBSD.org> | 2015-07-23 21:21:05 +0800 |
|---|---|---|
| committer | girgen <girgen@FreeBSD.org> | 2015-07-23 21:21:05 +0800 |
| commit | 237b7ecd9fc205c0759acc666863f1ff3324de7e (patch) | |
| tree | a0355b5c25a6e2caf452710ed13c57da6b9a2f13 /security/opensaml2/Makefile | |
| parent | efcd8c07f8c93e21f0a937da4704f6a15c0844dd (diff) | |
| download | freebsd-ports-gnome-237b7ecd9fc205c0759acc666863f1ff3324de7e.tar.gz freebsd-ports-gnome-237b7ecd9fc205c0759acc666863f1ff3324de7e.tar.zst freebsd-ports-gnome-237b7ecd9fc205c0759acc666863f1ff3324de7e.zip | |
Shibboleth SP software crashes on well-formed but invalid XML.
The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.
You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.
URL: http://shibboleth.net/community/advisories/secadv_20150721.txt
Security: CVE-2015-2684
Diffstat (limited to 'security/opensaml2/Makefile')
| -rw-r--r-- | security/opensaml2/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/opensaml2/Makefile b/security/opensaml2/Makefile index 1f947d5e888e..864e8bd57c97 100644 --- a/security/opensaml2/Makefile +++ b/security/opensaml2/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensaml2 -PORTVERSION= 2.5.4 +PORTVERSION= 2.5.5 CATEGORIES= security MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ DISTNAME= opensaml-${PORTVERSION} |