Bug#850716: [PKG-Openstack-devel] Bug#850716: XML External Entity attack

Hi Thomas, On Fri, Jan 20, 2017 at 11:02:56AM +0100, Thomas Goirand wrote: > On 01/19/2017 08:02 PM, Salvatore Bonaccorso wrote: > > Hi, > > > > On Mon, Jan 09, 2017 at 04:28:40PM +0100, Thomas Goirand wrote: > >> there was a security hole fixed in python-pysaml2, which allowed XML > >> External

Bug#850716: [PKG-Openstack-devel] Bug#850716: XML External Entity attack

On 01/19/2017 08:02 PM, Salvatore Bonaccorso wrote: > Hi, > > On Mon, Jan 09, 2017 at 04:28:40PM +0100, Thomas Goirand wrote: >> there was a security hole fixed in python-pysaml2, which allowed XML >> External Entity attacks: >> https://github.com/rohe/pysaml2/pull/379 >>

Bug#850716: XML External Entity attack

Hi, On Mon, Jan 09, 2017 at 04:28:40PM +0100, Thomas Goirand wrote: > there was a security hole fixed in python-pysaml2, which allowed XML > External Entity attacks: > https://github.com/rohe/pysaml2/pull/379 > https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b

Bug#850716: XML External Entity attack

Control: retitle -1 python-pysaml2: CVE-2016-10127: XML External Entity attack Hi This issue has been assigned CVE-2016-10127, cf. http://www.openwall.com/lists/oss-security/2017/01/11/5 Regards, Salvatore

Bug#850716: XML External Entity attack

Source: python-pysaml2 Severity: serious Tags: security patch As per report from user: Forwarded Message Subject: python-pysaml2 XEE vulnerability Date: Mon, 9 Jan 2017 14:50:41 +0100 From: Florian Best Organization: Univention GmbH To: z...@debian.org CC: