-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Oct 2011 16:32:41 +0200
Source: simplesamlphp
Binary: simplesamlphp
Architecture: source all
Version: 1.6.3-2
Distribution: stable
Urgency: high
Maintainer: Thijs Kinkhorst
Changed-By: Thijs Kinkhorst
Description: 
 simplesamlphp - Authentication and federation application supporting several prot
Changes: 
 simplesamlphp (1.6.3-2) stable; urgency=high
 .
   * Apply upstream patch fixing security issues:
     - It may be possible to use an SP as an oracle to decrypt encrypted
       messages sent to that SP. This is the attack described in the paper
       "How to break XML encryption":
       http://dx.doi.org/10.1145/2046707.2046756
     - It may be possible to use the SP as a key oracle which can be used to
       forge messages from that SP by issuing 300000-2000000 queries to the SP.
       This mainly affects SPs that use signed authentication requests.
       The attack is described in "Chosen Ciphertext Attacks Against Protocols
       Based on the RSA Encryption Standard PKCS #1.":
       http://www.iacr.org/cryptodb/data/paper.php?pubkey=1037
Checksums-Sha1: 
 e408a8baf35ee8b5b169e44ae4697ccc0cbec89e 1516 simplesamlphp_1.6.3-2.dsc
 bb4d0307547d3a50a756d4525ef0aee704046160 1490832 simplesamlphp_1.6.3.orig.tar.gz
 6ea93e3288acb8ea30ecdc8d077298b8a8839687 9334 simplesamlphp_1.6.3-2.debian.tar.gz
 352be82b1a3a1f0d99306603dd18cb5a0caa215b 1402150 simplesamlphp_1.6.3-2_all.deb
Checksums-Sha256: 
 b64977203ddf51a0e14a6a619d410a4d64f76a9aee2c6c3c84c7d1c0326ed7df 1516 simplesamlphp_1.6.3-2.dsc
 7b08b43e2015e5287ddaa9ccaf7eb859d8691d2bff5433e12b4b39f477771c23 1490832 simplesamlphp_1.6.3.orig.tar.gz
 13f30d3c77e1b12450ebe3fb8c3e5678829e9f4ce7f132fafe7c2f9a021c0407 9334 simplesamlphp_1.6.3-2.debian.tar.gz
 49760fc280e0bab4c7667e7ab008353fae6b7fd2c4359c61e213335a1560a029 1402150 simplesamlphp_1.6.3-2_all.deb
Files: 
 449f892d80e8ce80e4b380da0949c95d 1516 web extra simplesamlphp_1.6.3-2.dsc
 dc16a731ba7ee71ab9082cb8fc97d674 1490832 web extra simplesamlphp_1.6.3.orig.tar.gz
 e1658c912c370c9e7d02a43ef7ad0c6e 9334 web extra simplesamlphp_1.6.3-2.debian.tar.gz
 c659b1411b7f34fe38fe1914086b3e07 1402150 web extra simplesamlphp_1.6.3-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOqWxTAAoJEOxfUAG2iX57ObMH+wYDyfTutPZZq52nIYrg+7rH
sguDv4jBwHZ3cd/jrERw+rsoZD5UmJEsL5zmL38oGKFA2fw09LEmDppu1h1cLiMn
/W53de5vbjLs89JmpI//Eah83yQTGnU8B4oFyOqYDBRzE3INy72VXF0XAWuR98yf
C4EfXFhKUmNqR65enYgiK5RtTvU6IXzj83MGTknnx+bbS/+Cd0ghliPYhCGWcQ9+
SEeNeYDYS4LCfFyhdNwnD0h+PocYyBYsMZmB2IphNv8pBdlEmN+nNTRVRoK7ngrs
6oBAFXmu63VNtxbnQ2G7HTobfENrhkdIFzptN1C3g56cchwZbA/MTn2gTdcNhgQ=
=x3TJ
-----END PGP SIGNATURE-----
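The second item in the changelog, the SP acting as a key oracle, is the classic Bleichenbacher situation: the SP unwraps an RSA-PKCS#1 v1.5 EncryptedKey and, if the padding check fails, answers differently than it does for a well-padded key that merely fails to open the assertion. An attacker can then submit c * s^e mod n for chosen s and learn one bit per query about s*m mod n. The following Python is an added illustration written for this page; it is not SimpleSAMLphp, Debian or upstream-patch code, and everything in it is constructed: a toy 256-bit RSA key from a seeded PRNG, a SHA-256 counter-mode stream with an HMAC standing in for the symmetric part, and invented response strings (KEY_FAIL, ASSERTION_FAIL) and function names. It shows the vulnerable service-provider handler beside one standard hardening, continuing with a random session key when unwrapping fails so that both paths end in the same downstream failure; that mitigation is presented as a general technique, not as the exact content of the upstream patch. The first changelog item, the CBC/XML-parsing oracle, is not modelled here because the stand-in symmetric layer is authenticated.

```python
# Added example (not SimpleSAMLphp or Debian code): a PKCS#1 v1.5 key-transport
# oracle in a SAML-style SP, beside a hardened version.  Toy 256-bit RSA from a
# seeded PRNG so runs repeat; every key, message and response string is constructed.
import hashlib
import hmac
import random

rng = random.Random(2011)
K = 32                                        # RSA modulus length in bytes
KEY_FAIL = "error: could not decrypt EncryptedKey"   # distinguishable response
ASSERTION_FAIL = "error: assertion rejected"
OK = "ok"

def is_probable_prime(n, rounds=32):          # Miller-Rabin, demo quality
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa(bits=8 * K, e=65537):
    """Return ((d, n), (e, n)); n is bits-1 or bits long, so it fits in K bytes."""
    def prime():
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (pow(e, -1, phi), p * q), (e, p * q)

def pkcs1_v15_pad(msg):                       # 00 02 <nonzero PS, >= 8 bytes> 00 msg
    ps = bytes(rng.randrange(1, 256) for _ in range(K - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg

def pkcs1_v15_unpad(em):                      # the ValueError raised here is the oracle
    sep = em.find(b"\x00", 2)
    if em[0] != 0 or em[1] != 2 or sep < 10:
        raise ValueError("PKCS#1 padding check failed")
    return em[sep + 1:]

def rsa_unwrap_key(priv, c):                  # EncryptedKey -> 16-byte session key
    d, n = priv
    key = pkcs1_v15_unpad(pow(c, d, n).to_bytes(K, "big"))
    if len(key) != 16:
        raise ValueError("unexpected key length")
    return key

def _xor_stream(key, data):                   # SHA-256 counter mode; stands in for AES-CBC
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def protect_assertion(key, assertion):
    ct = _xor_stream(key, assertion)
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def open_assertion(key, blob):                # downstream step; same failure for every wrong key
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return ASSERTION_FAIL
    return OK if _xor_stream(key, ct).startswith(b"<saml:Assertion") else ASSERTION_FAIL

def sp_vulnerable(priv, enc_key, blob):
    try:
        key = rsa_unwrap_key(priv, enc_key)
    except ValueError:
        return KEY_FAIL                       # padding failure is visible to the sender
    return open_assertion(key, blob)

def sp_hardened(priv, enc_key, blob):
    try:
        key = rsa_unwrap_key(priv, enc_key)
    except ValueError:                        # carry on with a random key instead
        key = bytes(rng.randrange(256) for _ in range(16))   # os.urandom() in real code
    return open_assertion(key, blob)          # ends in ASSERTION_FAIL either way

def attacker_query(sp, s):
    """Send c * s^e mod n; True iff the SP did not report a padding failure, i.e.
    iff s*m mod n looked PKCS#1-conforming.  PRIV is only reached via the SP handler."""
    e, n = PUB
    return sp(PRIV, ENC_KEY * pow(s, e, n) % n, BLOB) != KEY_FAIL

# Constructed fixture: one honest exchange that the attacker then tampers with.
PRIV, PUB = gen_rsa()
SESSION_KEY = bytes(rng.randrange(256) for _ in range(16))
BLOB = protect_assertion(SESSION_KEY, b'<saml:Assertion ID="_demo">constructed</saml:Assertion>')
ENC_KEY = pow(int.from_bytes(pkcs1_v15_pad(SESSION_KEY), "big"), PUB[0], PUB[1])
```

Querying with s = 1 replays the genuine ciphertext, so both handlers accept the assertion. With s = 2 the plaintext becomes 2m, whose second byte is 0x04 or 0x05 and therefore never conforming: sp_vulnerable answers KEY_FAIL while sp_hardened answers ASSERTION_FAIL, which is exactly what it also answers for any other tampered ciphertext, so attacker_query returns True for both values of s against sp_hardened and the bit is gone. Bleichenbacher's algorithm turns that one bit per query into the full plaintext using on the order of the query counts quoted in the changelog. The substitution only closes the channel if the two paths are also indistinguishable in timing, logging and any downstream detail, which is why real fixes pair it with a constant-shape decryption path; and it does nothing for the first item, which depends on the SP reacting to malformed decrypted XML rather than to RSA padding.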