CVE-2009-3476
Published: 29 September 2009
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
Priority
Status
Package | Release | Status |
---|---|---|
opensaml Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Released
(1.1.1-2+lenny1build0.8.10.2)
|
|
jaunty |
Released
(1.1.1-2+lenny1build0.9.04.2)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(1.1.3)
|
|
shibboleth-sp Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(1.3.1.dfsg1-3+lenny1build0.9.04.2)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(1.3.4)
|
|
xmltooling Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Released
(1.0-2+lenny1build0.8.10.1)
|
|
jaunty |
Released
(1.0-2+lenny1build0.9.04.1)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(1.2.2-1)
|
|
maverick |
Not vulnerable
(1.2.2-1)
|
|
natty |
Not vulnerable
(1.2.2-1)
|
|
oneiric |
Not vulnerable
(1.2.2-1)
|
|
upstream |
Released
(1.2.2-1)
|