Shibboleth Service Provider Security Advisory [3 August 2018]

Peter Schober peter.schober at univie.ac.at
Fri Aug 3 08:13:33 EDT 2018


* Cantor, Scott <cantor.2 at osu.edu> [2018-08-03 14:06]:
> The Apache Santuario XML Security for C++ library contained code
> paths at risk of dereferencing null pointers when processing
> various kinds of malformed KeyInfo hints typically found in signed
> or encrypted XML.

So this is not just about metadata (as I initially thought) and could
also be triggered by unsolicited responses, for example?

-peter

