Debian security have an updated / backport 1.14 package for stretch:
simplesamlphp (1.14.11-1+deb9u1) stretch-security; urgency=high
* Update by the security team for stretch.
CVE-2017-12867 CVE-2017-12869
CVE-2017-12874 CVE-2017-18121 CVE-2017-18122
CVE-2018-6519 CVE-2018-6521 SSPSA-201802-01
(closes: #889286).
http://security.debian.org/debian-
security/pool/updates/main/s/simplesamlphp/
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12867
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12869
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12874
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18121
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18122
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6519
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6521
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1753414
Title:
1.14.0-1ubuntu2 is vulnerable to multiple CVE:s
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/simplesamlphp/+bug/1753414/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
