Register | Log in

ruby-saml

Choose email to subscribe with

general

source: ruby-saml (main)
version: 1.13.0-1+deb12u1
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.7.2-1
oldstable: 1.11.0-1
old-sec: 1.11.0-1+deb11u2
stable: 1.13.0-1+deb12u1
stable-sec: 1.13.0-1+deb12u1

versioned links

1.7.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.0-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.13.0-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-saml

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2025-25291: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
CVE-2025-25292: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
CVE-2025-25293: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

Created: 2025-03-13 Last update: 2025-05-01 22:01

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2025-25291: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
CVE-2025-25292: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
CVE-2025-25293: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

Created: 2025-03-13 Last update: 2025-04-27 18:05

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2025-25291: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
CVE-2025-25292: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
CVE-2025-25293: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

Created: 2025-03-13 Last update: 2025-04-05 00:00

news

[2025-05-01] Removed 1.17.0-1 from unstable (Debian FTP Masters)
[2025-04-28] ruby-saml REMOVED from testing (Debian testing watch)
[2025-04-04] Accepted ruby-saml 1.11.0-1+deb11u2 (source) into oldstable-security (Daniel Leidert)
[2024-11-11] Accepted ruby-saml 1.11.0-1+deb11u1 (source all) into oldstable-security (Abhijith PA)
[2024-10-13] ruby-saml 1.17.0-1 MIGRATED to testing (Debian testing watch)
[2024-10-11] Accepted ruby-saml 1.17.0-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-09-28] Accepted ruby-saml 1.13.0-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-09-20] Accepted ruby-saml 1.13.0-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2023-07-18] ruby-saml 1.15.0-1 MIGRATED to testing (Debian testing watch)
[2023-07-14] Accepted ruby-saml 1.15.0-1 (source) into unstable (Mohammed Bilal)
[2021-10-29] ruby-saml 1.13.0-1 MIGRATED to testing (Debian testing watch)
[2021-10-26] Accepted ruby-saml 1.13.0-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-08-30] ruby-saml 1.12.2-2 MIGRATED to testing (Debian testing watch)
[2021-08-30] ruby-saml 1.12.2-2 MIGRATED to testing (Debian testing watch)
[2021-08-28] Accepted ruby-saml 1.12.2-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-04-15] Accepted ruby-saml 1.12.2-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-09-09] ruby-saml 1.11.0-1 MIGRATED to testing (Debian testing watch)
[2019-09-06] Accepted ruby-saml 1.11.0-1 (source) into unstable (Cédric Boutillier)
[2018-05-15] Accepted ruby-saml 1.7.2-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-23] ruby-saml 1.7.2-1 MIGRATED to testing (Debian testing watch)
[2018-03-18] Accepted ruby-saml 1.7.2-1 (source) into unstable (Cédric Boutillier)
[2016-11-05] ruby-saml 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2016-10-30] Accepted ruby-saml 1.4.1-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-07-17] ruby-saml 1.3.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-10] Accepted ruby-saml 1.3.0-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-03-23] ruby-saml 1.1.2-1 MIGRATED to testing (Debian testing watch)
[2016-03-15] Accepted ruby-saml 1.1.2-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2015-09-30] ruby-saml 1.0.0-1 MIGRATED to testing (Britney)
[2015-09-24] Accepted ruby-saml 1.0.0-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2015-09-08] ruby-saml 0.9.2-1 MIGRATED to testing (Britney)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.17.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing