** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3465
-- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1851418 Title: Security upgrade simplesamlphp to 1.17.7 Status in Mahara: Fix Committed Status in Mahara 18.10 series: Fix Released Status in Mahara 19.04 series: Fix Released Status in Mahara 19.10 series: Fix Released Status in Mahara 20.04 series: Fix Committed Bug description: From the folks at simplesamlphp: "We have been made aware of a security issue affecting all SimpleSAMLphp instances deployed as a service provider (basically, using SimpleSAMLphp to protect access to your application). This issue has been deemed critical, and will therefore need an urgent update. We will be releasing SimpleSAMLphp 1.17.7 during next Wednesday the 6th of November, at a time yet to be determined. We urge all SimpleSAMLphp users to make sure they are running the current stable version, so that upgrading to the new release doesn’t have any side effects, and to be prepared to upgrade their deployments as soon as the new stable release is published. The details of the issue are embargoed for the time being, but will be made public after the bugfix release has been published. CVE 2019-3465 has been assigned to this issue." Our sites are currently on 1.17.6 so the upgrade should be fairly painless To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1851418/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
