Candidate: CVE-2012-0040
PublicDate: 2012-01-24 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0040
 http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
Description:
 Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php
 in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows
 remote attackers to inject arbitrary web script or HTML via the retryURL
 parameter.
Ubuntu-Description:
Notes:
Bugs:
 http://code.google.com/p/simplesamlphp/issues/detail?id=468
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
Patches_simplesamlphp:
 upstream: r3008 and r3009
upstream_simplesamlphp: released (1.8.2)
hardy_simplesamlphp: DNE
lucid_simplesamlphp: DNE
maverick_simplesamlphp: ignored (reached end-of-life)
natty_simplesamlphp: ignored (reached end-of-life)
oneiric_simplesamlphp: ignored (reached end-of-life)
precise_simplesamlphp: not-affected (1.8.2-1)
quantal_simplesamlphp: not-affected (1.9.0~rc2-1)
raring_simplesamlphp: not-affected (1.9.0~rc2-1)
devel_simplesamlphp: not-affected (1.9.0~rc2-1)