UbuntuUpdates.org

Package "python-pysaml2"

Name: python-pysaml2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SAML Version 2 to be used in a WSGI environment - doc
  • SAML Version 2 to be used in a WSGI environment - Python 3.x

Latest version: 4.5.0+dfsg1-0ubuntu2.19.10.1
Release: eoan (19.10)
Level: security
Repository: main

Links

Save this URL for the latest version of "python-pysaml2": https://www.ubuntuupdates.org/python-pysaml2



Other versions of "python-pysaml2" in Eoan

Repository Area Version
base universe 4.5.0+dfsg1-0ubuntu2
base main 4.5.0+dfsg1-0ubuntu2
security universe 4.5.0+dfsg1-0ubuntu2.19.10.1
updates main 4.5.0+dfsg1-0ubuntu2.19.10.1
updates universe 4.5.0+dfsg1-0ubuntu2.19.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.5.0+dfsg1-0ubuntu2.19.10.1 2020-01-21 18:07:23 UTC

  python-pysaml2 (4.5.0+dfsg1-0ubuntu2.19.10.1) eoan-security; urgency=medium

  * SECURITY UPDATE: Signature in SAML doc not checked properly
    - debian/patches/CVE-2020-5390.patch: fix XML signature wrapping
      (XSW) in src/saml2/sigver.py, tests/saml2_response_xsw.xml,
      tests/test_xsw.py.
    - CVE-2020-5390
  * Fixing test_41_response
    - debian/patches/Fix-test-41-that-now-depend-on-acual-datetime.patch:
      Fix test that depended on actual datetime in tests/test_41_response.py.

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 21 Jan 2020 09:39:08 -0300

CVE-2020-5390 PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected



About   -   Send Feedback to @ubuntu_updates