Package | simplesamlphp |
---|---|
Version | 1.16.3-1+deb10u3 (buster) |
Related CVEs | CVE-2024-52596 CVE-2024-52806 |
It was discovered that SimpleSAMLphp, an implementation of the SAML 2.0 protocol, is prone to XML external entity (XXE) vulnerabilities when loading (untrusted) XML documents or parsing SAML messages.
For Debian 10 buster, these problems have been fixed in version 1.16.3-1+deb10u3.
We recommend that you upgrade your simplesamlphp packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.
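For code that loads untrusted XML or SAML messages itself, the following added example shows one defensive loading pattern in PHP. It is not taken from this advisory or from the SimpleSAMLphp fix; the helper name `loadUntrustedXml` and both sample inputs are constructed for illustration, and the DOCTYPE rejection assumes the application never needs a DTD.

```php
<?php
declare(strict_types=1);

/**
 * Parse untrusted XML (for example a SAML message) without resolving entities.
 * Hypothetical helper for illustration; not part of SimpleSAMLphp.
 */
function loadUntrustedXml(string $xml): DOMDocument
{
    if (trim($xml) === '') {
        throw new InvalidArgumentException('Empty XML document');
    }

    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    try {
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT
        // (entity substitution) and LIBXML_DTDLOAD (external DTD subset) are
        // deliberately left unset.
        $ok = $doc->loadXML($xml, LIBXML_NONET);
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
    if ($ok === false) {
        throw new RuntimeException('Malformed XML');
    }

    // Assumption: no DTD is ever needed, so reject any document carrying one.
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new RuntimeException('DOCTYPE declarations are not accepted');
        }
    }
    return $doc;
}

// Constructed sample inputs: a bare SAML response and a document with a DTD.
$plain = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>';
$withDtd = '<!DOCTYPE r [<!ENTITY e "constructed">]><r>&e;</r>';

foreach (['plain' => $plain, 'with DOCTYPE' => $withDtd] as $label => $xml) {
    try {
        $doc = loadUntrustedXml($xml);
        echo $label, ': accepted, root element ', $doc->documentElement->nodeName, PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```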