Your message dated Sun, 24 Nov 2019 23:06:11 +0000
with message-id <e1iz0xh-0006s7...@fasolo.debian.org>
and subject line Bug#944107: fixed in simplesamlphp 1.14.11-1+deb9u2
has caused the Debian Bug report #944107,
regarding simplesamlphp: CVE 2019-3465
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
944107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: simplesamlphp
Severity: grave
Tags: upstream, security
On Mon Nov 4 2019, 11:35 Jaime Pérez wrote @
https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ
:
> We have been made aware of a security issue affecting all SimpleSAMLphp
> instances deployed as a service provider (basically, using SimpleSAMLphp to
> protect access to your application). This issue has been deemed critical, and
> will therefore need an urgent update. We will be releasing SimpleSAMLphp 1.17.7
> during next Wednesday the 6th of November, at a time yet to be determined. We
> urge all SimpleSAMLphp users to make sure they are running the current stable
> version, so that upgrading to the new release doesn’t have any side effects,
> and to be prepared to upgrade their deployments as soon as the new stable
> release is published.
>
> The details of the issue are embargoed for the time being, but will be made
> public after the bugfix release has been published. CVE 2019-3465 has been
> assigned to this issue.
>
> --
> Jaime Pérez
> Uninett / Feide
We ship:
jessie (oldoldstable) 1.13.1-2+deb8u2 [security]
stretch (oldstable) 1.14.11-1+deb9u1
buster (stable) 1.16.3-1
bullseye (testing) 1.17.6-1
Bye,
Joost
--- End Message ---
--- Begin Message ---
Source: simplesamlphp
Source-Version: 1.14.11-1+deb9u2
We believe that the bug you reported is fixed in the latest version of
simplesamlphp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 944...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated simplesamlphp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 05 Nov 2019 08:54:44 +0100
Source: simplesamlphp
Binary: simplesamlphp
Architecture: source all
Version: 1.14.11-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Thijs Kinkhorst <th...@debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description:
simplesamlphp - Authentication and federation application supporting several
prot
Closes: 944107
Changes:
simplesamlphp (1.14.11-1+deb9u2) stretch-security; urgency=high
.
* Update by the security team for stretch.
* Fix security issue CVE-2019-3465 (closes: #944107).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---