ruby-saml (1.1.2-1ubuntu1+esm2) xenial-security; urgency=medium

  * SECURITY UPDATE: SAML authentication DOS
    - debian/patches/CVE-2025-25293.patch: prevent DOS abusing
      compressed messages
    - CVE-2025-25293 

 -- Julia Sarris <julia.sarris@canonical.com>  Tue, 01 Apr 2025 09:37:32 -0400

ruby-saml (1.1.2-1ubuntu1+esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: SAML signature wrapping authentication bypass
    - debian/patches/CVE-2024-45409.patch: use correct XPaths, resolve
      to correct elements and block references that resolve to
      multiple nodes. Changes made to lib/xml_security.rb
    - CVE-2024-45409
    
  * SECURITY UPDATE: Authentication bypass improper text processing
    - debian/patches/CVE-2017-11428.patch: Proper processing of text
      to include XML comments. Additional test added to check proper text
      processing. Primary change made to /lib/onelogin/ruby-saml/utils.rb
      Added test to verify proper text processing.
    - CVE-2017-11428
  
  * SECURITY UPDATE: SAML signature wrapping improper validation
    - debian/patches/CVE-2016-5697.patch: Added validations to ensure
      URIs and IDs are unique/consistent, both encrypted and decrypted
      documents are consistent with scheme, proper signature validation.
      Changes made to /lib/onelogin/ruby-saml/response.rb
    - CVE-2016-5697
    
  * Skip NotBefore validity test causing FTBFS
    - debian/patches/ftbfs-skip-response-test-invalidNotBefore.patch:
        skips test in response_test.rb with invalid NotBefore value
 
 -- Elise Hlady <elise.hlady@canonical.com>  Mon, 10 Feb 2025 16:47:40 -0800

ruby-saml (1.1.2-1ubuntu1) xenial; urgency=medium

  * Fix testsuite.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 14 Apr 2016 17:37:21 +0200

ruby-saml (1.1.2-1) unstable; urgency=medium

  * New upstream release
  * Enable tests

 -- Pirate Praveen <praveen@debian.org>  Tue, 15 Mar 2016 22:48:54 +0530

ruby-saml (1.0.0-1) unstable; urgency=medium

  * New upstream release
  * Check gemspec deps on build

 -- Pirate Praveen <praveen@debian.org>  Thu, 24 Sep 2015 20:16:24 +0530

ruby-saml (0.9.2-1) unstable; urgency=medium

  * Initial release (Closes: #790621)

 -- Pirate Praveen <praveen@debian.org>  Tue, 30 Jun 2015 19:07:07 +0530
