CVE-2017-16852

Priority
Description
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider
plugin in Shibboleth Service Provider before 2.6.1 fails to properly
configure itself with the MetadataFilter plugins and does not perform
critical security checks such as signature verification, enforcement of
validity periods, and other checks specific to deployments, aka SSPCPP-763.
Notes
Package
Upstream:released (2.6.1+dfsg1-1)
Ubuntu 18.04 LTS:not-affected (2.6.1+dfsg1-2)
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:DNE (trusty was needed)
Patches:
More Information

Updated: 2022-04-25 00:19:48 UTC (commit ecc1009cb19540b950de59270950018900f37f15)