UbuntuUpdates.org

Package "python-pysaml2"

Name: python-pysaml2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SAML Version 2 to be used in a WSGI environment - Python 3.x

Latest version: 3.0.0-3ubuntu1.16.04.4
Release: xenial (16.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "python-pysaml2": https://www.ubuntuupdates.org/python-pysaml2



Other versions of "python-pysaml2" in Xenial

Repository Area Version
base main 3.0.0-3ubuntu1
base universe 3.0.0-3ubuntu1
security main 3.0.0-3ubuntu1.16.04.4
updates main 3.0.0-3ubuntu1.16.04.4
updates universe 3.0.0-3ubuntu1.16.04.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.0-3ubuntu1.16.04.4 2020-01-22 20:07:07 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Signature in SAML doc not checked properly
    - debian/patches/CVE-2020-5390.patch: fix XML signature wrapping
      (XSW) in src/saml2/sigver.py.
    - CVE-2020-5390

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Jan 2020 14:04:48 -0300

Source diff to previous version
CVE-2020-5390 PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected

Version: 3.0.0-3ubuntu1.16.04.3 2018-01-08 18:06:26 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Any password can be used if optimizations are enabled
    - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
      to optimizations in src/saml2/authn.py.
    - CVE-2017-1000433
  * Adding fix for test 41 response
    - debian/patches/fix-test-41-response.patch

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 05 Jan 2018 09:28:02 -0300

Source diff to previous version

Version: 3.0.0-3ubuntu1.16.04.1 2017-08-24 13:06:40 UTC
No changelog available yet.



About   -   Send Feedback to @ubuntu_updates