Package: simplesamlphp / 1.14.11-1+deb9u1

Metadata

Package Version Patches format
simplesamlphp 1.14.11-1+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian_config.patch | (download)

config/config.php | 18 12 + 6 - 0 !
1 file changed, 12 insertions(+), 6 deletions(-)

 debian-specific paths and defaults
CVE 2017 12867.patch | (download)

lib/SimpleSAML/Auth/TimeLimitedToken.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2017 12869.patch | (download)

modules/multiauth/lib/Auth/Source/MultiAuth.php | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch] bugfix: allow only valid auth sources in multiauth.

The configuration of the MultiAuth authentication source specifies the auth sources that the user is presented with when asked for authentication. However, there was no proper check for the auth source selected by the user to ensure it is one of those allowed for MultiAuth.

CVE 2017 18121.patch | (download)

modules/consentAdmin/templates/consentadmin.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2017 18122.patch | (download)

lib/SimpleSAML/XML/Validator.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] make sure calls to in_array() use strict comparisons.


CVE 2018 6519.patch | (download)

vendor/simplesamlphp/saml2/src/SAML2/Utils.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2018 6521.patch | (download)

modules/sqlauth/lib/Auth/Source/SQL.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
SSPSA 201802 01.patch | (download)

vendor/simplesamlphp/saml2/src/SAML2/Utils.php | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

---