[PKG-Openstack-devel] Bug#859135: CVE-2016-10127: XXE attack via crafted SAML XML request or response
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 30 19:35:44 UTC 2017
On Thu, Mar 30, 2017 at 09:27:56PM +0200, Salvatore Bonaccorso wrote:
> On Thu, Mar 30, 2017 at 02:40:58PM -0400, Antoine Beaupre wrote:
> > Package: python-pysaml2
> > X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
> > Severity: normal
> > Tags: security
> >
> > Hi,
> >
> > the following vulnerability was published for python-pysaml2.
> >
> > CVE-2016-10127[0]:
> > | PySAML2 allows remote attackers to conduct XML external entity (XXE)
> > | attacks via a crafted SAML XML request or response.
>
> As a side note: It can be mentioned for this issue though that a
> proper fix would be appropriate in the underlying issue in
> src:libxml2. Please though see the whole discussion on oss-security
> around the CVE assignment for details.
And https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12.
Salvatore