Has simplesamlphp been affected by the vulnerability documented with "VU#475445"?


Jaime Ramirez Infante

Mar 13, 2018, 12:31:28 PM
to SimpleSAMLphp
Even though I'm using the latest version of simplesamlphp (1.15.4), I would like to know if simplesamlphp has been affected by the vulnerability documented with "VU#475445"
related to OneLogin’s "python-saml" (Multiple SAML libraries may allow authentication
bypass via incorrect XML canonicalization and DOM traversal)?

Regards!

Peter Schober

Mar 13, 2018, 1:24:44 PM
to SimpleSAMLphp
* Jaime Ramirez Infante <jim...@gmail.com> [2018-03-13 17:31]:
> Even though I'm using the latest version of simplesamlphp (1.15.4), I would
> like to know if simplesamlphp has been affected by the vulnerability documented with
> "VU#475445" related to OneLogin’s "python-saml"

https://kb.cert.org/vuls/id/475445 does not reference the CVE for
SimpleSAMLphp but even the latest (i.e., topmost) ones at

https://simplesamlphp.org/security

do *not* list 1.15.4 under "affected versions":
https://simplesamlphp.org/security/201802-01
https://simplesamlphp.org/security/201803-01

Meaning 1.15.4 is *not* affected by those (i.e., by any
vulnerabilities known at this time).

-peter

Jaime Ramirez Infante

Mar 13, 2018, 7:04:36 PM
to simple...@googlegroups.com
Thank you Peter!


--
---------------------------------------------
Sincerely, Ing. Jaime Ramírez Infante