[PKG-Openstack-devel] python-pysaml2 XEE vulnerability
Thomas Goirand
zigo at debian.org
Mon Jan 9 20:53:05 UTC 2017
On 01/09/2017 02:50 PM, Florian Best wrote:
> Dear debian python-pysaml2 maintainers,
>
> there was a security hole fixed in python-pysaml2, which allowed XML
> External Entity attacks:
> https://github.com/rohe/pysaml2/pull/379
> https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
>
> Could you please release a security update?
>
> Best regards,
> Florian
Hi Florian,
I have opened a bug for this issue:
https://bugs.debian.org/850716
The fix was uploaded for the 3.0 series, and I contacted the security
team for the 2.0 currently in Jessie. Hopefully, the latter won't take too
much time.
Cheers,
Thomas Goirand (zigo)