[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2119-1] python-pysaml2 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : python-pysaml2
Version        : 2.0.0-1+deb8u3
CVE ID         : CVE-2020-5390
Debian Bug     : 949322

It was discovered that pysaml2, a Python implementation of SAML to be
used in a WSGI environment, was susceptible to XML signature wrapping
attacks, which could result in a bypass of signature verification.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.0-1+deb8u3.

We recommend that you upgrade your python-pysaml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl5WU7sACgkQnUbEiOQ2
gwIIAQ/9G1YRLZmT/Hiui0FpnPw8shMF4aoFl02VSUf4Vk9HlEgW7hVUJrpOTfMf
DI4O8e3pJq8kqvfRPUWLarwGICm40U8UBBUNM332nt6XWxf6Tx/vp4Jwzx6r9b0v
XsuNfHYOMoC2zhy52VVpe50Xwu8GyuKHyo+OKNh1W0lYZowec2mRqjq+k3oxno82
ARzxZdCqwV9X3V6Bk29fJSuVxmEtEos2Yw/JIIPfA3eWsDQZEKItpAuaiZpVwadH
LiOhG7rxC2hR949x7ewGXCRBksW+Vx0jW9iMGrbwkTjj2iT+6X1yOTDc4EU0/EKy
bn+wH9XaG4Vu1v969xIJY4ikFch/2vprmR2K0OB2KmqCKGI4FwsH21clelybekg5
bivu1Er8mz1fG5LfFQsOYLDDFh3vf2L1yTzfDs1Uw7ofLpFISSAH2FL9j/NMYTlS
bkqWkbJXm/y6XdrMdpjHIWYktW7BQKVRYRcw7pj6cFjc5GZL4MK+7Em1DUbBTl0n
MBVzIz2/pd7q/wV01YIQsrNTdVP/ne0aqmoUvvpUZb+SpCJN855qm5FxV9VNnKks
HWtTTnH4CzPssx1/mDrWk9RyNn2uv2QeGM9HGBirJxc8//XBACof5hPmEUSQLaz9
zfCnhSRtx5Qv2zCnpz6dT/pjcZCUSn0z9/rbq+vx0zwkXC5pcPE=
=kWui
-----END PGP SIGNATURE-----
Reply to: