Debian
simplesamlphp package

simplesamlphp 1.8.1-1 source package in Debian

Changelog

simplesamlphp (1.8.1-1) unstable; urgency=high


  * New upstream release. Fixes security issues:
    - It may be possible to use an SP as a oracle to decrypt
      encrypted messages sent to that SP. This is the attack
      described in the paper "How to break XML encryption":
      http://dx.doi.org/10.1145/2046707.2046756
    - It may be possible to use the SP as a key oracle which
      can be used to  forge messages from that SP by issuing
      300000-2000000 queries to the SP. This mainly affects
      SPs that use signed authentication requests. The attack
      is described in "Chosen Ciphertext Attacks Against
      Protocols Based on the RSA Encryption Standard PKCS #1.":
      http://www.iacr.org/cryptodb/data/paper.php?pubkey=1037

 -- Thijs Kinkhorst <email address hidden>  Thu, 27 Oct 2011 14:19:20 +0200

Upload details

Uploaded by:
Thijs Kinkhorst
Uploaded to:
Sid
Original maintainer:
Thijs Kinkhorst
Architectures:
all
Section:
web
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
simplesamlphp_1.8.1-1.dsc 1.5 KiB eecb3a7f77dcde7a5dcb93e1b4940adf26dfd13f21c35dc2cb7627701db38a4a
simplesamlphp_1.8.1.orig.tar.gz 1.5 MiB 59b5ae4df1a1bf1c8532dac23eb0c24fd1747695318e959f8071f64fbfd14003
simplesamlphp_1.8.1-1.debian.tar.gz 7.3 KiB f96144dd2728085ace12c945085a4a30835bf2830ad0331b4433c10348f881e4

No changes file available.

Binary packages built by this source