[PKG-Openstack-devel] Bug#859135: CVE-2016-10127: XXE attack via crafted SAML XML request or response

Salvatore Bonaccorso carnil at debian.org
Thu Mar 30 19:27:56 UTC 2017


On Thu, Mar 30, 2017 at 02:40:58PM -0400, Antoine Beaupre wrote:
> Package: python-pysaml2
> X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
> Severity: normal
> Tags: security
> 
> Hi,
> 
> the following vulnerability was published for python-pysaml2.
> 
> CVE-2016-10127[0]:
> | PySAML2 allows remote attackers to conduct XML external entity (XXE)
> | attacks via a crafted SAML XML request or response.

As a side note: it can be mentioned for this issue, though, that a
proper fix would be appropriate for the underlying issue in
src:libxml2. Please see, though, the whole discussion on oss-security
around the CVE assignment for details.

Regards,
Salvatore
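
An added example, not part of the original message and not pysaml2's or libxml2's own fix: one way a caller can refuse DTDs and entity declarations in a SAML message before handing it to the real parser. It assumes Python's standard-library expat bindings as the pre-check; the function names and both sample messages are constructed for illustration.

```python
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when a SAML message carries a DTD, an entity, or is malformed."""


def check_saml_xml(data: bytes) -> None:
    """Reject a message that declares a DOCTYPE or any entity.

    SAML requests and responses have no legitimate need for a DTD, so the
    whole construct is refused instead of trying to tell safe entities
    from unsafe ones.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration not allowed: {name}")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed: {name}")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference not allowed: {sysid}")

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"not well-formed XML: {exc}") from exc


def is_safe(data: bytes) -> bool:
    """True when the message passed the pre-check, False when it was refused."""
    try:
        check_saml_xml(data)
    except UnsafeXML:
        return False
    return True


# Constructed sample messages (not taken from the bug report).
NS = b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
BENIGN = b'<samlp:Response ' + NS + b' ID="_constructed1" Version="2.0"/>'
WITH_DTD = (b'<!DOCTYPE r [<!ENTITY e "constructed">]>'
            b'<samlp:Response ' + NS + b' ID="_constructed2">&e;</samlp:Response>')
```

The check runs on the raw bytes received from the peer, before any signature validation or schema processing touches them.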


