——————————————————————————–
Fedora Update Notification
FEDORA-2015-10175
2015-06-20 13:33:40
——————————————————————————–
Name : opensaml-java
Product : Fedora 21
Version : 2.5.3
Release : 9.fc21
URL : http://www.opensaml.org/
Summary : Java OpenSAML library
Description :
OpenSAML is a set of open source C++ & Java libraries meant to support
developers working with the Security Assertion Markup Language (SAML).
OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.
——————————————————————————–
Update Information:
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:
* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-9
– Use mvn name for tomcat BR
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-8
– RHBZ#1132022, HTTPS Connections Via HTTP Resources Do Not Perform Hostname
Verification
——————————————————————————–
References:
[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-10175
2015-06-20 13:33:40
——————————————————————————–
Name : opensaml-java-openws
Product : Fedora 21
Version : 1.5.5
Release : 2.fc21
URL : http://www.opensaml.org/
Summary : Java OpenWS library
Description :
The OpenWS library provides a growing set of tools to work with web services at
a low level. These tools include classes for creating and reading SOAP
messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.
——————————————————————————–
Update Information:
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:
* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-2
– Use mvn BR for tomcat API
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-1
– Upstream release 1.5.5
——————————————————————————–
References:
[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java-openws’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-10235
2015-06-20 13:37:02
——————————————————————————–
Name : opensaml-java-openws
Product : Fedora 22
Version : 1.5.5
Release : 2.fc22
URL : http://www.opensaml.org/
Summary : Java OpenWS library
Description :
The OpenWS library provides a growing set of tools to work with web services at
a low level. These tools include classes for creating and reading SOAP
messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.
——————————————————————————–
Update Information:
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:
* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-2
– Use mvn BR for tomcat API
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-1
– Upstream release 1.5.5
——————————————————————————–
References:
[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java-openws’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-10235
2015-06-20 13:37:02
——————————————————————————–
Name : opensaml-java
Product : Fedora 22
Version : 2.5.3
Release : 9.fc22
URL : http://www.opensaml.org/
Summary : Java OpenSAML library
Description :
OpenSAML is a set of open source C++ & Java libraries meant to support
developers working with the Security Assertion Markup Language (SAML).
OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.
——————————————————————————–
Update Information:
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:
* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-9
– Use mvn name for tomcat BR
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-8
– RHBZ#1132022, HTTPS Connections Via HTTP Resources Do Not Perform Hostname
Verification
——————————————————————————–
References:
[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce