Package: simplesamlphp Severity: grave Tags: upstream, security On mon nov 4 2019, 11:35 Jaime Pérez wrote @ https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ : > We have been made aware of a security issue affecting all SimpleSAMLphp > instances deployed as a service provider (basically, using SimpleSAMLphp to > protect access to your application). This issue has been deemed critical, and > will therefore need an urgent update. We will be releasing SimpleSAMLphp > 1.17.7 > during next Wednesday the 6th of November, at a time yet to be determined. We > urge all SimpleSAMLphp users to make sure they are running the current stable > version, so that upgrading to the new release doesn’t have any side effects, > and to be prepared to upgrade their deployments as soon as the new stable > release is published. > > The details of the issue are embargoed for the time being, but will be made > public after the bugfix release has been published. CVE 2019-3465 has been > assigned to this issue. > > --· > Jaime Pérez > Uninett / Feide·
We ship: jessie (oldoldstable) 1.13.1-2+deb8u2 [security] stretch (oldstable) 1.14.11-1+deb9u1 buster (stable) 1.16.3-1 bullseye (testing) 1.17.6-1 Bye, Joost