Debian alert DLA-2119-1 (python-pysaml2)
From: Emilio Pozuelo Monfort <pochu@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2119-1] python-pysaml2 security update
Date: Wed, 26 Feb 2020 12:17:15 +0100
Message-ID: <81c76f9c-19d9-be91-05b2-0c6fcce9d9c6@debian.org>

Package        : python-pysaml2
Version        : 2.0.0-1+deb8u3
CVE ID         : CVE-2020-5390
Debian Bug     : 949322

It was discovered that pysaml2, a Python implementation of SAML to be
used in a WSGI environment, was susceptible to XML signature wrapping
attacks, which could result in a bypass of signature verification.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.0-1+deb8u3.

We recommend that you upgrade your python-pysaml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS