Package "python3-pysaml2"

Name: python3-pysaml2


SAML Version 2 to be used in a WSGI environment - Python 3.x

Latest version: 3.0.0-3ubuntu1.16.04.4
Release: xenial (16.04)
Level: security
Repository: universe
Head package: python-pysaml2
Homepage: https://github.com/rohe/pysaml2


Download "python3-pysaml2"

Other versions of "python3-pysaml2" in Xenial

Repository Area Version
base universe 3.0.0-3ubuntu1
updates universe 3.0.0-3ubuntu1.16.04.4


Version: 3.0.0-3ubuntu1.16.04.4 2020-01-22 20:07:07 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Signature in SAML doc not checked properly
    - debian/patches/CVE-2020-5390.patch: fix XML signature wrapping
      (XSW) in src/saml2/sigver.py.
    - CVE-2020-5390

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Jan 2020 14:04:48 -0300

Source diff to previous version
CVE-2020-5390 PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected

Version: 3.0.0-3ubuntu1.16.04.3 2018-01-08 18:06:26 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Any password can be used if optimizations are enabled
    - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
      to optimizations in src/saml2/authn.py.
    - CVE-2017-1000433
  * Adding fix for test 41 response
    - debian/patches/fix-test-41-response.patch

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 05 Jan 2018 09:28:02 -0300

Source diff to previous version

Version: 3.0.0-3ubuntu1.16.04.1 2017-08-24 13:06:40 UTC
No changelog available yet.

About   -   Send Feedback to @ubuntu_updates