FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
417de1e6-c31b-11eb-9633-b42e99a1b9c3	lasso -- signature checking failure entrouvert reports: When AuthnResponse messages are not signed (which is permitted by the specifiation), all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one is considered the main assertion. Discovery 2021-06-01 Entry 2021-06-01 lasso < 2.7.0 CVE-2021-28091 https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0

VuXML ID

Description

417de1e6-c31b-11eb-9633-b42e99a1b9c3

lasso -- signature checking failure

entrouvert reports:

When AuthnResponse messages are not signed (which is permitted by the specifiation), all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one is considered the main assertion.

Discovery 2021-06-01
Entry 2021-06-01
lasso

< 2.7.0

CVE-2021-28091
https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0