[Secure-testing-team] Bug#850716: XML External Entity attack
Thomas Goirand
zigo at debian.org
Mon Jan 9 15:28:40 UTC 2017
Source: python-pysaml2
Severity: serious
Tags: security patch
As per report from user:
-------- Forwarded Message --------
Subject: python-pysaml2 XEE vulnerability
Date: Mon, 9 Jan 2017 14:50:41 +0100
From: Florian Best <best at univention.de>
Organization: Univention GmbH
To: zigo at debian.org
CC: openstack-devel at lists.alioth.debian.org
Dear debian python-pysaml2 maintainers,
there was a security hole fixed in python-pysaml2, which allowed XML
External Entity attacks:
https://github.com/rohe/pysaml2/pull/379
https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
Could you please release a security update?
Best regards,
Florian
More information about the Secure-testing-team
mailing list