Hi Joost, I've been woking on simplesmalphp yesterday, and the current status of my backport of the patch for CVE-2025-27773 is in the lts team repo [1]
[1] https://salsa.debian.org/lts-team/packages/simplesamlphp/-/tree/debian/bullseye/ Help in testing the changes would be very helpful, so if you can assist in testing the changes, this would be very appreciated. Cheers, tobi "Joost van Baal-Ilić" joostvb+deb...@uvt.nl – April 28, 2025 9:30 AM > Hi, > > As you're probably aware, issue > https://security-tracker.debian.org/tracker/CVE-2025-27773 has been open since > March 11, 2025. Is anybody working on fixing this? I could probably help out > with testing prereleases for Debian bullseye. > > Thanks, Bye, > > Joost > > > On Thu, Feb 06, 2025 at 11:56:41AM -0300, Santiago Ruano Rincón wrote: > > Control: User -1 debian-...@lists.debian.org > > Control: Usertag -1 + upstream-trixie > > > > Hello Thijs and LTS team, > > > > El 01/12/24 a las 17:38, Thijs Kinkhorst escribió: > > > Package: simplesamlphp > > > Severity: grave > > > Tags: trixie sid > > > > > > The current package in testing and unstable is version 1.19. Upstream no > > > longer supports this version. There's a 2.x series which should be > > > packaged. > > > > > > There are a number of changes required for packaging 2.x. Most notably > > > the list of shipped modules is much smaller, which needs some > > > consideration. > > > > > > In any case Debian should not ship a 1.19 package in trixie, hence > > > this bug which can be closed if a 2.x version is packaged at some > > > point. > > > > This is just a heads-up about the status of simplesamlphp in trixie, > > which is currently missing. > > > > Thijs, could we interpret the above as you are OK with a "Team-upload" > > (as the package is in salsa.d.o/debian), or an NMU to package > > simplesamlphp 2.x? > > Please, don't hesitate to tell me if that is wrong. > > > > Someone from the LTS team, may be interested in contributing (CC'ing > > debian-lts). > > > > Best regards, > > > > -- Santiago, for the LTS Team. > >
