Hi, As you're probably aware, issue https://security-tracker.debian.org/tracker/CVE-2025-27773 has been open since March 11, 2025. Is anybody working on fixing this? I could probably help out with testing prereleases for Debian bullseye.
Thanks, Bye, Joost On Thu, Feb 06, 2025 at 11:56:41AM -0300, Santiago Ruano Rincón wrote: > Control: User -1 debian-...@lists.debian.org > Control: Usertag -1 + upstream-trixie > > Hello Thijs and LTS team, > > El 01/12/24 a las 17:38, Thijs Kinkhorst escribió: > > Package: simplesamlphp > > Severity: grave > > Tags: trixie sid > > > > The current package in testing and unstable is version 1.19. Upstream no > > longer supports this version. There's a 2.x series which should be > > packaged. > > > > There are a number of changes required for packaging 2.x. Most notably > > the list of shipped modules is much smaller, which needs some > > consideration. > > > > In any case Debian should not ship a 1.19 package in trixie, hence > > this bug which can be closed if a 2.x version is packaged at some > > point. > > This is just a heads-up about the status of simplesamlphp in trixie, > which is currently missing. > > Thijs, could we interpret the above as you are OK with a "Team-upload" > (as the package is in salsa.d.o/debian), or an NMU to package > simplesamlphp 2.x? > Please, don't hesitate to tell me if that is wrong. > > Someone from the LTS team, may be interested in contributing (CC'ing > debian-lts). > > Best regards, > > -- Santiago, for the LTS Team.
