Candidate: CVE-2017-12873
PublicDate: 2017-09-01 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
 https://simplesamlphp.org/security/201612-04
Description:
 SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain
 sensitive information, gain unauthorized access, or have unspecified other
 impacts by leveraging incorrect persistent NameID generation when an
 Identity Provider (IdP) is misconfigured.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_simplesamlphp:
upstream_simplesamlphp: released (1.14.15-1)
precise/esm_simplesamlphp: DNE
trusty_simplesamlphp: ignored (reached end-of-life)
trusty/esm_simplesamlphp: DNE (trusty was needed)
vivid/ubuntu-core_simplesamlphp: DNE
xenial_simplesamlphp: ignored (end of standard support, was needed)
zesty_simplesamlphp: ignored (reached end-of-life)
artful_simplesamlphp: not-affected (1.14.15-1)
bionic_simplesamlphp: not-affected (1.14.15-1)
cosmic_simplesamlphp: not-affected (1.14.15-1)
disco_simplesamlphp: not-affected (1.14.15-1)
eoan_simplesamlphp: not-affected (1.14.15-1)
focal_simplesamlphp: not-affected (1.14.15-1)
groovy_simplesamlphp: not-affected (1.14.15-1)
hirsute_simplesamlphp: not-affected (1.14.15-1)
impish_simplesamlphp: not-affected (1.14.15-1)
jammy_simplesamlphp: not-affected (1.14.15-1)
devel_simplesamlphp: not-affected (1.14.15-1)