[PKG-Openstack-devel] python-pysaml2 XEE vulnerability

Thomas Goirand zigo at debian.org
Mon Jan 9 20:53:05 UTC 2017

On 01/09/2017 02:50 PM, Florian Best wrote:
> Dear debian python-pysaml2 maintainers,
> there was a security hole fixed in python-pysaml2, which allowed XML
> External Entity attacks:
> https://github.com/rohe/pysaml2/pull/379
> https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
> Could you please release a security update?
> Best regards,
> Florian

Hi Florian,

I have opened a bug for this issue:

The fix was uploaded for the 3.0 series, and I contacted the security
team for the 2.0 currently in Jessie. Hopefully, the later wont take too
much time.


Thomas Goirand (zigo)

More information about the Openstack-devel mailing list