[SECURITY] [DLA 1983-1] simplesamlphp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1983-1] simplesamlphp security update
From: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Nov 2019 14:53:27 +0100 (CET)
Message-id: <[🔎] 20191106135327.DEA0120191@tetraquark.soleus.nu>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : simplesamlphp
Version        : 1.13.1-2+deb8u3
CVE ID         : CVE-2019-3465
Debian Bug     : 944107

It was discovered that in SimpleSAMLphp, an implementation of the
SAML 2.0 protocol, it was possible to circumvent XML signature
verification on SAML messages.

For Debian 8 "Jessie", this problem has been fixed in version
1.13.1-2+deb8u3.

We recommend that you upgrade your simplesamlphp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeANVtepr/II1qZxLVvYaeUAdrAQFAl3CzQkACgkQVvYaeUAd
rATZ4AgApE7bBItYJNDbwdU9ROv0XoI1sUkCPRMGy22JSJ92uTo3Ltfdah1pMSZF
KdhkMEuvGjahASuauUMO7/NSNZX8YDwZ+LpqYUTzDVSeuCUWd5rS9wK27aai7PQh
pbgaq89tPBrHqA3xxEsEDUtSo/oZaObzSj+zZdscLQ+O4Ff9NGAgh92bIGAedG/U
XkrQm6CzVFwbwUuBOnqtxUGy+K3wa7KF0Pc0EzZa9wHcCwAMKuEubmqqjkbJW6gY
LLl1fiGvy1JFgpGhqqXTc4M3sZraK4UYbmsnr406/3cKMflFegxtPWQrlDiygqKy
/h0tDnm4SHf7G9X2wETsYVzWffYTMQ==
=yyxq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1982-1] openafs security update
Next by Date: [SECURITY] [DLA 1985-1] djvulibre security update
Previous by thread: [SECURITY] [DLA 1982-1] openafs security update
Next by thread: [SECURITY] [DLA 1985-1] djvulibre security update
Index(es):
- Date
- Thread