Format: 1.8 Date: Thu, 30 Nov 2017 15:07:03 +0100 Source: simplesamlphp Binary: simplesamlphp Architecture: source all Version: 1.9.2-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Thijs Kinkhorst Changed-By: Raphaƫl Hertzog Description: simplesamlphp - Authentication and federation application supporting several prot Changes: simplesamlphp (1.9.2-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2017-12867: Invalid token creation and validation * Fix CVE-2017-12869: Authentication context bypass in the multiauth module * Fix CVE-2017-12872: Multiple timing side-channel issues (use the patch fixed for CVE-2017-12868 too) * Fix CVE-2017-12873: Incorrect persistent NameID generation * Fix CVE-2017-12874: incorrect signature verification Checksums-Sha1: 1635499493c219de99313c209b3786805920140d 1053 simplesamlphp_1.9.2-1+deb7u1.dsc 2b0a54820b4e7aca0eb410ea3ed5f81814d66206 11505 simplesamlphp_1.9.2-1+deb7u1.debian.tar.gz b4606ec573ddda0d68705f631427c265a2bfcf4a 1600742 simplesamlphp_1.9.2-1+deb7u1_all.deb Checksums-Sha256: b70cba465b2655cd6fbc3120b322d2fb7186c7a6d818c54280d8aae9b591b913 1053 simplesamlphp_1.9.2-1+deb7u1.dsc 1c139a007f2e5c20379acf8ade632a9545b6df485b9ae502cfd80df60a83daa7 11505 simplesamlphp_1.9.2-1+deb7u1.debian.tar.gz bfd05736a089a4b36eb53ffeda65e923172609bf4b00e17303a32bf58ee07477 1600742 simplesamlphp_1.9.2-1+deb7u1_all.deb Files: ab7b66bb31f5cf95edb850267295b0b8 1053 web extra simplesamlphp_1.9.2-1+deb7u1.dsc 63a92401a4906506cf8f07ced309eaa3 11505 web extra simplesamlphp_1.9.2-1+deb7u1.debian.tar.gz 9d8a98761f084850f86621d86db03adc 1600742 web extra simplesamlphp_1.9.2-1+deb7u1_all.deb