Russ Allbery uploaded new packages for opensaml2 which fixed the
following security problems:

CVE-2011-1411

    Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco
    Kampmann and Joerg Schwenk discovered that OpenSAML is vulnerable to
    an XML signature wrapping attack that could allow a remote,
    unauthenticated attacker to craft messages that can be successfully
    verified but contain arbitrary content.  This may allow an attacker
    to subvert the security of software using OpenSAML and supply an
    unauthenticated login identity and data under the guise of a trusted
    issuer.

For the lenny-backports distribution, this problem has been fixed in
2.3-2+squeeze1~bpo50+1.

We recommend that you upgrade your opensaml2 packages and then restart
shibd and Apache if you have Shibboleth installed as well.

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <https://backports.debian.org/Instructions>

We recommend to pin (in /etc/apt/preferences) the backports repository
to 200 so that new versions of installed  backports will be installed
automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200