Information on source package simplesamlphp

Available versions

ReleaseVersion
jessie1.13.1-2+deb8u3
stretch1.14.11-1+deb9u2
buster1.16.3-1+deb10u3
buster (security)1.16.3-1+deb10u1
bullseye1.19.0-1
bullseye (security)1.19.0-1+deb11u1
bookworm1.19.7-1
bookworm (security)1.19.7-1+deb12u1
trixie1.19.7-1
sid1.19.7-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-52806vulnerablevulnerablefixedfixedfixedvulnerablevulnerableSimpleSAMLphp SAML2 library is a PHP library for SAML2 related functio ...
CVE-2024-52596vulnerablevulnerablefixedfixedfixedvulnerablevulnerableSimpleSAMLphp xml-common is a common classes for handling XML-structur ...
CVE-2020-5225vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedLog injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ...
CVE-2018-7711vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedHTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 h ...
CVE-2018-6520vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedSimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...
CVE-2017-12872fixedvulnerable (no DSA)fixedfixedfixedfixedfixedThe (1) Htpasswd authentication source in the authcrypt module and (2) ...
CVE-2017-12871fixedvulnerable (no DSA)fixedfixedfixedfixedfixedThe aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAML ...
CVE-2017-12870vulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedfixedfixedfixedSimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...
CVE-2016-9955vulnerable (no DSA)fixedfixedfixedfixedfixedfixedThe SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ...
CVE-2016-9814vulnerable (no DSA)fixedfixedfixedfixedfixedfixedThe validateSignature method in the SAML2\Utils class in SimpleSAMLphp ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2016-3124vulnerablefixedfixedfixedfixedfixedfixedThe sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote at ...

Resolved issues

BugDescription
CVE-2020-5301SimpleSAMLphp versions before 1.18.6 contain an information disclosure ...
CVE-2020-5226Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...
CVE-2019-3465Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...
CVE-2018-7644The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp b ...
CVE-2018-6521The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...
CVE-2018-6519The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1. ...
CVE-2017-18122A signature-validation bypass issue was discovered in SimpleSAMLphp th ...
CVE-2017-18121The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ...
CVE-2017-12874The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XM ...
CVE-2017-12873SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain se ...
CVE-2017-12869The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remot ...
CVE-2017-12868The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleS ...
CVE-2017-12867The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 an ...
CVE-2012-0908Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLph ...
CVE-2012-0040Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie ...
CVE-2011-4625simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectl ...

Security announcements

DSA / DLADescription
ELA-1266-1simplesamlphp - security update
DSA-5822-1simplesamlphp - security update
DLA-3981-1simplesamlphp - security update
DSA-4560-1simplesamlphp - security update
DLA-1983-1simplesamlphp - security update
DLA-1408-1simplesamlphp - security update
DLA-1314-1simplesamlphp - security update
DSA-4127-1simplesamlphp - security update
DLA-1298-1simplesamlphp - security update
DLA-1273-1simplesamlphp - security update
DLA-1205-1simplesamlphp - security update
DSA-2387-1simplesamlphp - cross site scripting
DSA-2330-1simplesamlphp - several

Search for package or bug name: Reporting problems