[SECURITY] [DLA 1983-1] simplesamlphp security update

Wed, 06 Nov 2019 06:03:35 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : simplesamlphp
Version        : 1.13.1-2+deb8u3
CVE ID         : CVE-2019-3465
Debian Bug     : 944107

It was discovered that in SimpleSAMLphp, an implementation of the
SAML 2.0 protocol, it was possible to circumvent XML signature
verification on SAML messages.

For Debian 8 "Jessie", this problem has been fixed in version
1.13.1-2+deb8u3.

We recommend that you upgrade your simplesamlphp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeANVtepr/II1qZxLVvYaeUAdrAQFAl3CzQkACgkQVvYaeUAd
rATZ4AgApE7bBItYJNDbwdU9ROv0XoI1sUkCPRMGy22JSJ92uTo3Ltfdah1pMSZF
KdhkMEuvGjahASuauUMO7/NSNZX8YDwZ+LpqYUTzDVSeuCUWd5rS9wK27aai7PQh
pbgaq89tPBrHqA3xxEsEDUtSo/oZaObzSj+zZdscLQ+O4Ff9NGAgh92bIGAedG/U
XkrQm6CzVFwbwUuBOnqtxUGy+K3wa7KF0Pc0EzZa9wHcCwAMKuEubmqqjkbJW6gY
LLl1fiGvy1JFgpGhqqXTc4M3sZraK4UYbmsnr406/3cKMflFegxtPWQrlDiygqKy
/h0tDnm4SHf7G9X2wETsYVzWffYTMQ==
=yyxq
-----END PGP SIGNATURE-----

Reply via email to