subject:"Bug#882012\: python\-pysaml2\: CVE\-2017\-1000246\: Reuse of AES initialization vector in AESCipher \/ UsernamePasswordMako \/ Server"

Bug#882012: python-pysaml2: CVE-2017-1000246: Reuse of AES initialization vector in AESCipher / UsernamePasswordMako / Server

2018-08-23 Thread Salvatore Bonaccorso

Control: found -1 4.5.0-1 Not fixed yet in 4.5.0, but in 4.6.0 upstream. Regards, Salvatore

Bug#882012: python-pysaml2: CVE-2017-1000246: Reuse of AES initialization vector in AESCipher / UsernamePasswordMako / Server

2017-11-17 Thread Salvatore Bonaccorso

Source: python-pysaml2 Version: 3.0.0-5 Severity: important Tags: security upstream Forwarded: https://github.com/rohe/pysaml2/issues/417 Hi, the following vulnerability was published for python-pysaml2. CVE-2017-1000246[0]: | Python package pysaml2 version 4.4.0 and earlier reuses the |