[SECURITY] [DLA 1410-1] python-pysaml2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : python-pysaml2
Version : 2.0.0-1+deb8u2
CVE ID : CVE-2017-1000433
Debian Bug : 886423
Pysaml2, a Python implementation of the Security Assertion Markup
Language, would accept any password when run with Python optimizations
enabled. This allows attackers to log in as any user without knowing
their password.
For Debian 8 "Jessie", this issue has been fixed in version
2.0.0-1+deb8u2.
We recommend that you upgrade your python-pysaml2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAls46l9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQYnhAAutCHvhhjQ6As1QUqMMhH8Pp4+DOEpqClppVeifOdilH6Lwv1ByLWUOxp
EhWDeCthEubh+V1gvh8/LPB9IcpEMXN9SiOhMKZov2Ow9G3CyJWekgIulqI+pLqp
IO+yBO+1KGw7SYnvKij09EX2KtCRJDJpilVw/UIQiDRI+cTPccF4wX7Bbt8fTgSH
2Mm3Byw6DAKISNzHDaBkBbGfklFGVjqMkj2vVAtwR0Yhb/AhF+pW2QvMjCNkyD2x
Hqa+PYny1io1/a4FRiqTY1PmDOJ9R7MoQmX+U0YerNKvrh+pfoJ5l15RBayZQswk
JgcoFbzr8klVgIrqosyCtXjU7pm4ISGzIjuhz4AsDpgTEGTNChuPkOzCIiHzFEt9
DC/52WqqRF01NCXDlp9yVh1hKZUYbGivfD0sEGmzADXWvCvxFm5ceyP/3REj1ukX
Stq84cZmxTFVl8sZrDi0BepIdzazqKfKhVV2bihP1PeYcki+nXu89Ddw2osAYRc9
0YVMSkvGoS94qTAHBPn9q5T001JP/Dpp+9Sij0eeDk5SiCKE7e9I/5UXVeVLVoj9
7X1kuebEaneYS25AJSg+/5H+M187+PH65NpZJjyBcEl+D3oRvRmjfCm9uSUOUeOY
0AC6+TBmexkAeIVQixnM0eVI5fpIOtV/ATwyxt4W9I6Z2vlHd6k=
=B6Ah
-----END PGP SIGNATURE-----
Reply to: