
Debian alert DLA-2119-1 (python-pysaml2)

From:  Emilio Pozuelo Monfort <pochu@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 2119-1] python-pysaml2 security update
Date:  Wed, 26 Feb 2020 12:17:15 +0100
Message-ID:  <81c76f9c-19d9-be91-05b2-0c6fcce9d9c6@debian.org>

Package        : python-pysaml2
Version        : 2.0.0-1+deb8u3
CVE ID         : CVE-2020-5390
Debian Bug     : 949322

It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.

For Debian 8 "Jessie", this problem has been fixed in version 2.0.0-1+deb8u3.

We recommend that you upgrade your python-pysaml2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

