On Tue, May 28, 2019 16:01, Chris Lamb wrote: > Mike Gabriel wrote: > >> The Debian LTS team would like to fix the security issues which are >> currently open in the Jessie version of simplesamlphp: > > Which CVE is/was this for? I am just looking at: > > https://security-tracker.debian.org/tracker/source-package/simplesamlphp > > ... and not seeing anything relevant. Is it still vulnerable? If so, we > should remove it from dla-needed.txt, naturally.
As the maintainer I have triaged all open issues and see no reason for releasing a jessie update at this point. Cheers, Thijs
