Package "liblasso3-dev"

Name: liblasso3-dev


Library for Liberty Alliance and SAML protocols - development kit

Latest version: 2.6.0-7ubuntu1.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: lasso
Homepage: http://lasso.entrouvert.org


Download "liblasso3-dev"

Other versions of "liblasso3-dev" in Focal

Repository Area Version
base main 2.6.0-7ubuntu1
security main 2.6.0-7ubuntu1.2


Version: 2.6.0-7ubuntu1.2 2021-06-02 05:06:28 UTC

  lasso (2.6.0-7ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: unsigned assertions after signed valid assertions
    are honored.
    - d/p/CVE-2021-28091.patch: Fix signature checking on unsigned
      response with multiple assertions
    - CVE-2021-28091

 -- Steve Beattie <email address hidden> Fri, 28 May 2021 14:49:51 -0700

Source diff to previous version
CVE-2021-28091 XML signature wrapping vulnerability when parsing SAML responses

Version: 2.6.0-7ubuntu1.1 2020-10-20 14:06:22 UTC

  lasso (2.6.0-7ubuntu1.1) focal; urgency=medium

  * d/p/Fix-ECP-signature-not-found-error-when-only-assertion.patch:
    Cherry-picked from upstream bugfix for handling authn responses correctly
    (LP: #1897117).

 -- Chris MacNaughton <email address hidden> Fri, 25 Sep 2020 14:29:11 +0000

1897117 [SRU] liblasso3 on Bionic fails to process the ECP authn response

About   -   Send Feedback to @ubuntu_updates