Package: simplesamlphp / 1.14.11-1+deb9u1

CVE-2017-12867.patch Patch series | download
diff -ur simplesamlphp-1.14.11.orig/lib/SimpleSAML/Auth/TimeLimitedToken.php simplesamlphp-1.14.11/lib/SimpleSAML/Auth/TimeLimitedToken.php
--- simplesamlphp-1.14.11.orig/lib/SimpleSAML/Auth/TimeLimitedToken.php	2016-12-12 17:08:36.000000000 +0100
+++ simplesamlphp-1.14.11/lib/SimpleSAML/Auth/TimeLimitedToken.php	2018-03-01 20:20:23.982011204 +0100
@@ -48,7 +48,7 @@
 	 */
 	private function calculate_tokenvalue($offset) {
 		// A secret salt that should be randomly generated for each installation
-		return sha1( $this->calculate_time_slot($offset) . ':' . $this->secretSalt);
+		return sha1($offset . ':' . $this->calculate_time_slot($offset) . ':' . $this->secretSalt);
 	}
 	
 	/**
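Review bot: The token on the changed `return` line is still a plain SHA-1 over a string with the secret appended. Binding `$offset` into the hash appears to address the issue this patch is named for, but the construction remains weaker than a keyed MAC. I would use `return hash_hmac('sha256', $offset . ':' . $this->calculate_time_slot($offset), $this->secretSalt);`, accepting that tokens issued before the upgrade stop validating. If `$offset` is parsed from the presented token (the caller is outside this hunk), cast it with `(int)` before hashing so the `:`-delimited input is unambiguous, and have the validator compare token values with `hash_equals()`. The existing comment describes `$this->secretSalt` rather than the computation, so it would read better as a note on what is hashed and why the offset is included.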