[PKG-Openstack-devel] Bug#850716: Bug#850716: XML External Entity attack
zigo at debian.org
Fri Jan 20 10:02:56 UTC 2017
On 01/19/2017 08:02 PM, Salvatore Bonaccorso wrote:
> On Mon, Jan 09, 2017 at 04:28:40PM +0100, Thomas Goirand wrote:
>> there was a security hole fixed in python-pysaml2, which allowed XML
>> External Entity attacks:
> Apparently there was some confusion. To be clear, the above commit now
> after re-clarification from MITRE is CVE-2016-10149, which means
> the initially assigned CVE for the XXE vulnerability in pysaml2 is
> still unfixed. Will open another bug for it. See the comments in the
> references oss-security post for details.
>  https://marc.info/?l=oss-security&m=148484731923389&w=2
Is there a new patch available?
Thomas Goirand (zigo)
More information about the Openstack-devel