--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10235
2015-06-20 13:37:02
--------------------------------------------------------------------------------

Name        : opensaml-java
Product     : Fedora 22
Version     : 2.5.3
Release     : 9.fc22
URL         : https://www.opensaml.org/
Summary     : Java OpenSAML library
Description :
OpenSAML is a set of open source C++ & Java libraries meant to support
developers working with the Security Assertion Markup Language (SAML).
OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.

--------------------------------------------------------------------------------
Update Information:

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 16 2015 Marek Goldmann  - 2.5.3-9
- Use mvn name for tomcat BR
* Fri May  8 2015 Marek Goldmann  - 2.5.3-8
- RHBZ#1132022, HTTPS Connections Via HTTP Resources Do Not Perform Hostname
  Verification
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1131823 - CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
        https://bugzilla.redhat.com/show_bug.cgi?id=1131823
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update opensaml-java' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 22: opensaml-java Security Update

August 7, 2015
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification

Summary

OpenSAML is a set of open source C++ & Java libraries meant to support

developers working with the Security Assertion Markup Language (SAML).

OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.

Update Information:

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification

Change Log

* Tue Jun 16 2015 Marek Goldmann - 2.5.3-9 - Use mvn name for tomcat BR * Fri May 8 2015 Marek Goldmann - 2.5.3-8 - RHBZ#1132022, HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification

References

[ 1 ] Bug #1131823 - CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification https://bugzilla.redhat.com/show_bug.cgi?id=1131823

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update opensaml-java' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : opensaml-java
Product : Fedora 22
Version : 2.5.3
Release : 9.fc22
URL : https://www.opensaml.org/
Summary : Java OpenSAML library