Package "python3-pysaml2"

Name:	python3-pysaml2
Description:	SAML Version 2 to be used in a WSGI environment - Python 3.x
Latest version:	3.0.0-3ubuntu1.16.04.4
Release:	xenial (16.04)
Level:	updates
Repository:	universe
Head package:	python-pysaml2
Homepage:	https://github.com/rohe/pysaml2

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "python3-pysaml2"

All arch deb package

APT INSTALL

Other versions of "python3-pysaml2" in Xenial

Repository	Area	Version
base	universe	3.0.0-3ubuntu1
security	universe	3.0.0-3ubuntu1.16.04.4

Changelog

Version: 3.0.0-3ubuntu1.16.04.4 2020-01-21 19:07:14 UTC

python-pysaml2 (3.0.0-3ubuntu1.16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: Signature in SAML doc not checked properly - debian/patches/CVE-2020-5390.patch: fix XML signature wrapping (XSW) in src/saml2/sigver.py. - CVE-2020-5390 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Jan 2020 14:04:48 -0300

Source diff to previous version

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected

Version: 3.0.0-3ubuntu1.16.04.3 2018-01-08 18:06:27 UTC

Version: 3.0.0-3ubuntu1.16.04.3	2018-01-08 18:06:27 UTC
`python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Any password can be used if optimizations are enabled - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due to optimizations in src/saml2/authn.py. - CVE-2017-1000433 * Adding fix for test 41 response - debian/patches/fix-test-41-response.patch -- <email address hidden> (Leonidas S. Barbosa) Fri, 05 Jan 2018 09:28:02 -0300`
Source diff to previous version

python-pysaml2 (3.0.0-3ubuntu1.16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Any password can be used if optimizations are enabled - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due to optimizations in src/saml2/authn.py. - CVE-2017-1000433 * Adding fix for test 41 response - debian/patches/fix-test-41-response.patch -- <email address hidden> (Leonidas S. Barbosa) Fri, 05 Jan 2018 09:28:02 -0300

Source diff to previous version

Version: 3.0.0-3ubuntu1.16.04.1 2017-08-24 14:06:41 UTC

Version: 3.0.0-3ubuntu1.16.04.1	2017-08-24 14:06:41 UTC
python-pysaml2 (3.0.0-3ubuntu1.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: External Entity vulnerability - debian/patches/CVE-2016-10149.patch: fixes XXE issues in setupy.py, src/saml2/__init__.py, src/saml2/pack.py, src/saml2/soap.py, tests/test_03_saml2.py, tests/test_43_soap.py, tests/test_51_client.py. - CVE-2016-10149 * Some tests fails in upstream test suite. Adding the corresponding fix. - debian/patches/fix-tests.patch -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Aug 2017 17:41:01 -0300

python-pysaml2 (3.0.0-3ubuntu1.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: External Entity vulnerability - debian/patches/CVE-2016-10149.patch: fixes XXE issues in setupy.py, src/saml2/__init__.py, src/saml2/pack.py, src/saml2/soap.py, tests/test_03_saml2.py, tests/test_43_soap.py, tests/test_51_client.py. - CVE-2016-10149 * Some tests fails in upstream test suite. Adding the corresponding fix. - debian/patches/fix-tests.patch -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Aug 2017 17:41:01 -0300

About - Send Feedback to @ubuntu_updates

Package "python3-pysaml2"

Links

Download "python3-pysaml2"

Other versions of "python3-pysaml2" in Xenial

Changelog

Share this page

Bookmarks

Latest updates

updates

security

proposed

PPA updates