Source: simplesamlphp
Version: 1.19.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: fixed -1 1.19.7-1+deb12u1
Hi Thijs,

The following vulnerability was published for simplesamlphp. This bug is just to reflect that the CVE is fixed in bookworm already but not yet in the upper suite. I'm aware of #1088816, which is to make sure that 1.19 is not shipped with trixie.

CVE-2024-52596[0]:
| SimpleSAMLphp xml-common is a set of common classes for handling XML
| structures. When loading an (untrusted) XML document, for example
| the SAMLResponse, it's possible to induce an XXE. This vulnerability
| is fixed in 1.19.0.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52596
    https://www.cve.org/CVERecord?id=CVE-2024-52596

Regards,
Salvatore
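The XXE class described in the quoted CVE text hinges on the parser honouring a DOCTYPE in attacker-supplied XML. The following is an added example of a hardened loader for untrusted XML such as a SAMLResponse, written for this note and not SimpleSAMLphp's or xml-common's own code; the function name `loadUntrustedXml` and the sample inputs are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical hardened loader (example code, not SimpleSAMLphp's).
 * An XXE needs a DOCTYPE to declare the entity, so any DOCTYPE is
 * rejected outright, and parsing runs with no network access and
 * no entity substitution.
 */
function loadUntrustedXml(string $xml): DOMDocument
{
    // Cheap pre-check: a DOCTYPE never belongs in a SAML message.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new RuntimeException('XML document contains a DOCTYPE; rejected');
    }

    $previousErrorMode = libxml_use_internal_errors(true);
    $dom = new DOMDocument('1.0', 'UTF-8');
    // LIBXML_NONET forbids fetching external resources while parsing.
    // LIBXML_NOENT and LIBXML_DTDLOAD are deliberately NOT set, so entities
    // are never substituted and external DTDs are never loaded.
    $ok = $dom->loadXML($xml, LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previousErrorMode);

    if ($ok === false) {
        $first = $errors[0]->message ?? 'unknown parse error';
        throw new RuntimeException('XML parse failure: ' . trim($first));
    }
    // Second line of defence: the parser records any DOCTYPE it saw.
    if ($dom->doctype !== null) {
        throw new RuntimeException('XML document declares a DOCTYPE; rejected');
    }
    return $dom;
}

// Constructed sample inputs (not taken from any real exchange).
$benign = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_1"/>';
$withDoctype = '<?xml version="1.0"?>' . "\n"
    . '<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///placeholder/path">]>' . "\n"
    . '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">&ext;</samlp:Response>';

$doc = loadUntrustedXml($benign);
echo 'accepted root element: ', $doc->documentElement->localName, PHP_EOL;

try {
    loadUntrustedXml($withDoctype);
} catch (RuntimeException $e) {
    echo 'blocked: ', $e->getMessage(), PHP_EOL;
}
```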