Package | opensaml |
---|---|
Version | 3.0.1-1+deb10u1 (buster) |
Related CVEs | CVE-2025-31335 |

Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. For additional details, please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20250313.txt
For Debian 8 (jessie) and 9 (stretch), see separate ELA-1394-1 for opensaml2.
For Debian 10 buster, these problems have been fixed in version 3.0.1-1+deb10u1.
We recommend that you upgrade your opensaml packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.