-
lasso (2.6.0-7ubuntu2.1) groovy-security; urgency=medium
* SECURITY UPDATE: unsigned assertions after signed valid assertions
are honored.
- d/p/CVE-2021-28091.patch: Fix signature checking on unsigned
response with multiple assertions
- CVE-2021-28091
-- Steve Beattie <email address hidden> Fri, 28 May 2021 14:38:03 -0700
-
lasso (2.6.0-7ubuntu2) groovy; urgency=medium
* d/p/Fix-ECP-signature-not-found-error-when-only-assertion.patch:
Cherry-picked from upstream bugfix for handling authn responses correctly
(LP: #1897117).
-- Chris MacNaughton <email address hidden> Fri, 25 Sep 2020 14:29:11 +0000
-
lasso (2.6.0-7ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/p/PAOS-Do-not-populate-Destination-attribute.patch: Do not populate
"Destination" attribute (LP: #1833299)
-- Corey Bryant <email address hidden> Wed, 19 Feb 2020 09:54:35 -0500