ruby-saml (1.11.0-1+deb11u3) bullseye-security; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2025-54572: DoS with large SAML response

 -- Adrian Bunk <bunk@debian.org>  Mon, 25 Aug 2025 11:38:28 +0300

ruby-saml (1.11.0-1+deb11u2) bullseye-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * d/patches/CVE-2025-25291-and-CVE-2025-25292.patch. Add patch to fix
    CVE-2025-25291 and CVE-2025-25292 (closes: #1100441).
    - Fix an authentication bypass vulnerability.
  * d/patches/CVE-2025-25293-1.patch, d/patches/CVE-2025-25293-2.patch: Add
    patches to fix CVE-2025-25293.
    - Minimize a Zlib deflate decompression bomb.
    - Fix a remote Denial of Service (DoS) caused by compressed SAML
      responses.

 -- Daniel Leidert <dleidert@debian.org>  Sat, 05 Apr 2025 00:37:32 +0200

ruby-saml (1.11.0-1+deb11u1) bullseye-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix CVE-2024-45409: properly verify the signature of the SAML
    Response.

 -- Abhijith PA <abhijith@debian.org>  Mon, 11 Nov 2024 10:52:03 +0530

ruby-saml (1.11.0-1) unstable; urgency=medium

  * Team upload

  [ Utkarsh Gupta ]
  * Add salsa-ci.yml

  [ Cédric Boutillier ]
  * New upstream version 1.11.0
  * Trim trailing whitespace.
  * Refresh patches

 -- Cédric Boutillier <boutil@debian.org>  Sat, 07 Sep 2019 00:42:55 +0200

ruby-saml (1.7.2-1) unstable; urgency=medium

  * Team upload

  [ Praveen Arimbrathodiyil ]
  * remove git in gemspec

  [ Cédric Boutillier ]
  * New upstream version 1.7.2
    + Fixes CVE-2017-11428 by processing text of nodes properly, ignoring
      comments (Closes: #892865)
  * Refresh use-system-lib.patch and remove-git-in-gemspec.patch
  * Use salsa.debian.org in Vcs-* fields
  * Bump debhelper compatibility level to 11
  * Bump Standards-Version to 4.1.3 (no changes needed)
  * Use https in watch file, copyright formal URL and homepage field

 -- Cédric Boutillier <boutil@debian.org>  Sun, 18 Mar 2018 05:33:29 +0100

ruby-saml (1.4.1-1) unstable; urgency=medium

  * New upstream release
  * Refresh patches (remove disable-failing-test.patch, merged upstream)
  * Install as gem, fix autopkgtest (Closes: #830929)

 -- Pirate Praveen <praveen@debian.org>  Sun, 30 Oct 2016 13:01:32 +0530

ruby-saml (1.3.0-1) unstable; urgency=medium

  * New upstream release
    (Fixes CVE-2016-5697 signature wrapping attack vulnerability)
  * Use unshift instead of push in gemspec (fix gemspec generation
    when an older version is already installed during build)

 -- Pirate Praveen <praveen@debian.org>  Sun, 10 Jul 2016 13:10:44 +0530

ruby-saml (1.1.2-1) unstable; urgency=medium

  * New upstream release
  * Enable tests

 -- Pirate Praveen <praveen@debian.org>  Tue, 15 Mar 2016 22:48:54 +0530

ruby-saml (1.0.0-1) unstable; urgency=medium

  * New upstream release
  * Check gemspec deps on build

 -- Pirate Praveen <praveen@debian.org>  Thu, 24 Sep 2015 20:16:24 +0530

ruby-saml (0.9.2-1) unstable; urgency=medium

  * Initial release (Closes: #790621)

 -- Pirate Praveen <praveen@debian.org>  Tue, 30 Jun 2015 19:07:07 +0530
