UbuntuUpdates.org

Package "python3-pysaml2"

Name: python3-pysaml2

Description:

SAML Version 2 to be used in a WSGI environment - Python 3.x

Latest version: 3.0.0-3ubuntu1.16.04.4
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: python-pysaml2
Homepage: https://github.com/rohe/pysaml2

Other versions of "python3-pysaml2" in Xenial

Repository Area Version
base universe 3.0.0-3ubuntu1
security universe 3.0.0-3ubuntu1.16.04.4

Changelog

Version: 3.0.0-3ubuntu1.16.04.4 2020-01-21 19:07:14 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Signature in SAML doc not checked properly
    - debian/patches/CVE-2020-5390.patch: fix XML signature wrapping
      (XSW) in src/saml2/sigver.py.
    - CVE-2020-5390

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Jan 2020 14:04:48 -0300

CVE-2020-5390 PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected

Version: 3.0.0-3ubuntu1.16.04.3 2018-01-08 18:06:27 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Any password can be used if optimizations are enabled
    - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
      to optimizations in src/saml2/authn.py.
    - CVE-2017-1000433
  * Adding fix for test 41 response
    - debian/patches/fix-test-41-response.patch

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 05 Jan 2018 09:28:02 -0300

Version: 3.0.0-3ubuntu1.16.04.1 2017-08-24 14:06:41 UTC

  python-pysaml2 (3.0.0-3ubuntu1.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: External Entity vulnerability
    - debian/patches/CVE-2016-10149.patch: fixes XXE issues in
      setupy.py, src/saml2/__init__.py, src/saml2/pack.py,
      src/saml2/soap.py, tests/test_03_saml2.py,
      tests/test_43_soap.py, tests/test_51_client.py.
    - CVE-2016-10149
  * Some tests fail in upstream test suite. Adding the
    corresponding fix.
    - debian/patches/fix-tests.patch

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Aug 2017 17:41:01 -0300
