Candidate: CVE-2011-1411
PublicDate: 2011-09-02 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1411
Description:
 Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/opensaml2/+bug/816315
 https://bugs.launchpad.net/ubuntu/+source/opensaml2/+bug/817199
 https://bugs.launchpad.net/ubuntu/+source/opensaml/+bug/832695
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_opensaml2:
 vendor: http://www.debian.org/security/2011/dsa-2284
upstream_opensaml2: released (2.4.3-1)
hardy_opensaml2: DNE
lucid_opensaml2: released (2.3-1ubuntu0.1)
maverick_opensaml2: released (2.3-2+squeeze1build0.10.10.1)
natty_opensaml2: ignored (reached end-of-life)
oneiric_opensaml2: not-affected (2.4.3-1)
precise_opensaml2: not-affected (2.4.3-1)
quantal_opensaml2: not-affected (2.4.3-1)
devel_opensaml2: not-affected (2.4.3-1)

Patches_opensaml:
upstream_opensaml: needs-triage
hardy_opensaml: ignored (reached end-of-life)
lucid_opensaml: DNE
maverick_opensaml: DNE
natty_opensaml: DNE
oneiric_opensaml: DNE
precise_opensaml: DNE
quantal_opensaml: DNE
devel_opensaml: DNE