• [SECURITY] [DSA 4630-1] python-pysaml2 security update

    From Moritz Muehlenhoff@1:229/2 to All on Fri Feb 21 21:30:01 2020
    From: [email protected]

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4630-1                   [email protected]
    https://www.debian.org/security/                       Moritz Muehlenhoff
    February 21, 2020                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-pysaml2
    CVE ID : CVE-2020-5390

    It was discovered that pysaml2, a Python implementation of SAML to be
    used in a WSGI environment, was susceptible to XML signature wrapping
    attacks, which could result in a bypass of signature verification.

    For the oldstable distribution (stretch), this problem has been fixed
    in version 3.0.0-5+deb9u1.

    For the stable distribution (buster), this problem has been fixed in
    version 5.4.1-2+deb10u1.

    We recommend that you upgrade your python-pysaml2 packages.

    For the detailed security status of python-pysaml2 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/python-pysaml2

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
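
One way to check a host inventory against the fixed versions listed in this advisory, as an added example that is not part of the advisory or of Debian's tooling. The inventory lines, host names and function names are constructed for illustration; the comparison follows dpkg's version ordering, which a plain string comparison gets wrong (it would sort 3.0.0-10 before 3.0.0-5+deb9u1).

```python
import re

# Fixed versions per release, taken from the advisory above.
FIXED = {"stretch": "3.0.0-5+deb9u1", "buster": "5.4.1-2+deb10u1"}
# Constructed inventory: host, release, installed python-pysaml2 version.
INVENTORY = """\
web01 stretch 3.0.0-5
web02 stretch 3.0.0-10
idp01 buster 5.4.1-2
idp02 buster 5.4.1-2+deb10u1
lab01 jessie 2.0.0-1
"""

def _weight(c):
    # dpkg character order: '~' < end of run (0) < letters < everything else
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    # Alternate non-digit and digit runs; the final empty match that
    # findall yields stands in for the end of the string.
    key = []
    for text, num in re.findall(r"(\D*)(\d*)", part):
        key.append([_weight(c) for c in text] + [0])
        key.append(int(num or 0))
    return key

def deb_key(version):
    """Sort key ordering [epoch:]upstream[-revision] the way dpkg does."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return (int(epoch), _part_key(upstream), _part_key(rev))

def audit(inventory):
    """Map each host to 'fixed', 'vulnerable' or 'not-in-advisory'."""
    status = {}
    for host, release, version in map(str.split, inventory.splitlines()):
        fixed = FIXED.get(release)
        if fixed is None:
            status[host] = "not-in-advisory"
        elif deb_key(version) >= deb_key(fixed):
            status[host] = "fixed"
        else:
            status[host] = "vulnerable"
    return status

if __name__ == "__main__":
    print(audit(INVENTORY))
```

On a Debian host itself, `dpkg --compare-versions <installed> ge <fixed>` performs the same comparison.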