Univention Bugzilla – Bug 50482
simplesamlphp: Multiple issues (4.4)
Last modified: 2019-11-13 16:04:44 CET
New Debian simplesamlphp 1.16.3-1+deb10u1A~4.4.0.201911111614 fixes: This update addresses the following issue: * It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. (CVE-2019-3465)
--- mirror/ftp/4.4/unmaintained/4.4-2/source/simplesamlphp_1.16.3-1A~4.4.0.201907162025.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/simplesamlphp_1.16.3-1+deb10u1A~4.4.0.201911111614.dsc @@ -1,9 +1,13 @@ -1.16.3-1A~4.4.0.201907162025 [Tue, 16 Jul 2019 20:25:48 +0200] Univention builddaemon <buildd@univention.de>: +1.16.3-1+deb10u1A~4.4.0.201911111614 [Mon, 11 Nov 2019 16:14:32 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 02_change_nutzer_to_benutzer 03_add_custom_error_messages 04_debhelper + +1.16.3-1+deb10u1 [Sun, 03 Nov 2019 05:46:13 +0000] Thijs Kinkhorst <thijs@debian.org>: + + * Fix security issue CVE-2019-3465. 1.16.3-1 [Fri, 21 Dec 2018 13:46:17 +0000] Thijs Kinkhorst <thijs@debian.org>: <http://10.200.17.11/4.4-2/#6474037059500017828>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-2] 98d77a3aa9 Bug #50482: simplesamlphp_1.16.3-1+deb10u1A~4.4.0.201911111614 doc/errata/staging/simplesamlphp.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.4/333.html>