TEMP-1114506-8D7C37

NameTEMP-1114506-8D7C37
DescriptionSQL injection vulnerability in Service Provider ODBC plugin
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs1114506

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
shibboleth-sp (PTS)bullseye3.2.2+dfsg1-1vulnerable
bookworm3.4.1+dfsg-2vulnerable
bookworm (security)3.4.1+dfsg-2+deb12u1fixed
trixie (security)3.5.0+dfsg-2+deb13u1fixed
forky, trixie3.5.0+dfsg-2vulnerable
sid3.5.1+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
shibboleth-spsourcebookworm3.4.1+dfsg-2+deb12u1
shibboleth-spsourcetrixie3.5.0+dfsg-2+deb13u1
shibboleth-spsource(unstable)3.5.1+dfsg-11114506

Notes

https://issues.shibboleth.net/jira/browse/SSPCPP-1014
https://shibboleth.net/community/advisories/secadv_20250903.txt
Search for package or bug name: Reporting problems