[MEDIUM] Incorrect IV generation for encryption

PKSA-1z4s-btyn-9vw9 CVE-2017-12871 GHSA-ww3w-592j-5qrw

Affected package: simplesamlphp/simplesamlphp

Affected version: >=1.14.0,<1.14.12

Reported by:
GitHub, FriendsOfPHP/security-advisories