Hi Joost, If you'd like to test the simplesamlphp packages for bullsyes, I've prepared packages and placed them for your convenience here:
https://people.debian.org/~tobi/simplesamlphp/ -- Cheers, tobi On Mon, 28 Apr 2025 13:50:24 +0000 Tobias Frost <t...@sviech.de> wrote: > Hi Joost, > > I've been woking on simplesmalphp yesterday, and the current status of my backport of the patch for CVE-2025-27773 is in the lts team repo [1] > > [1] https://salsa.debian.org/lts-team/packages/simplesamlphp/-/tree/debian/bullseye/ > > Help in testing the changes would be very helpful, so if you can assist in testing the changes, this would be very appreciated. > > Cheers, > tobi > > > "Joost van Baal-Ilić" joostvb+deb...@uvt.nl – April 28, 2025 9:30 AM > > Hi, > > > > As you're probably aware, issue > > https://security-tracker.debian.org/tracker/CVE-2025-27773 has been open since > > March 11, 2025. Is anybody working on fixing this? I could probably help out > > with testing prereleases for Debian bullseye. > > > > Thanks, Bye, > > > > Joost > > > > > > On Thu, Feb 06, 2025 at 11:56:41AM -0300, Santiago Ruano Rincón wrote: > > > Control: User -1 debian-...@lists.debian.org > > > Control: Usertag -1 + upstream-trixie > > > > > > Hello Thijs and LTS team, > > > > > > El 01/12/24 a las 17:38, Thijs Kinkhorst escribió: > > > > Package: simplesamlphp > > > > Severity: grave > > > > Tags: trixie sid > > > > > > > > The current package in testing and unstable is version 1.19. Upstream no > > > > longer supports this version. There's a 2.x series which should be > > > > packaged. > > > > > > > > There are a number of changes required for packaging 2.x. Most notably > > > > the list of shipped modules is much smaller, which needs some > > > > consideration. > > > > > > > > In any case Debian should not ship a 1.19 package in trixie, hence > > > > this bug which can be closed if a 2.x version is packaged at some > > > > point. > > > > > > This is just a heads-up about the status of simplesamlphp in trixie, > > > which is currently missing. > > > > > > Thijs, could we interpret the above as you are OK with a "Team- upload" > > > (as the package is in salsa.d.o/debian), or an NMU to package > > > simplesamlphp 2.x? > > > Please, don't hesitate to tell me if that is wrong. > > > > > > Someone from the LTS team, may be interested in contributing (CC'ing > > > debian-lts). > > > > > > Best regards,
