The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.

References:
https://simplesamlphp.org/security/201801-03
https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
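
As an added illustration of the truncation described above (not code from SimpleSAMLphp or from this report), the Python sketch below models a three-byte utf8 value being cut at the first four-byte character and shows a guard that rejects such input before it reaches a query. The function names and sample usernames are constructed, and the truncation model assumes MySQL running without strict SQL mode.

```python
# Added illustration: names and sample data are constructed for this example.

# Constructed sample usernames; the second contains U+1F600, which needs
# four bytes in UTF-8 and so does not fit MySQL's three-byte "utf8" charset.
SAMPLES = ["alice", "alice\U0001F600suffix", "bob", "b\u00f6b"]


def has_four_byte_chars(value: str) -> bool:
    """True if any code point lies outside the BMP (four bytes in UTF-8)."""
    return any(ord(ch) > 0xFFFF for ch in value)


def utf8mb3_truncate(value: str) -> str:
    """Model (assumption: non-strict SQL mode) of what a three-byte utf8
    charset keeps: everything before the first four-byte character."""
    for i, ch in enumerate(value):
        if ord(ch) > 0xFFFF:
            return value[:i]
    return value


def check_username(value: str) -> str:
    """Guard to apply before the value is bound into a query."""
    if has_four_byte_chars(value):
        raise ValueError("username contains a four-byte UTF-8 character")
    return value


def colliding_inputs(values):
    """Group distinct inputs that become identical after truncation."""
    groups = {}
    for v in values:
        groups.setdefault(utf8mb3_truncate(v), []).append(v)
    return {k: vs for k, vs in groups.items() if len(vs) > 1}


if __name__ == "__main__":
    # Distinct application-level strings that the database would see as equal.
    print(colliding_inputs(SAMPLES))
    for name in SAMPLES:
        try:
            check_username(name)
            print("accepted:", name.encode("utf-8"))
        except ValueError as exc:
            print("rejected:", name.encode("utf-8"), "-", exc)
```

A connection and schema declared as utf8mb4 store four-byte characters whole, so the application and the database then agree on what the string is.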
Created php-simplesamlphp-saml2 tracking bugs for this issue:

Affects: fedora-all [bug 1552851]
Affects: epel-all [bug 1552852]
CVE-2018-6521 (SSPSA 201801-03) is for the SimpleSAMLphp application, not the php-simplesamlphp/saml2 library. Dependent bugs have been closed as not a bug. Please close this bug as well.
All dependent bugs are closed. Please close.