Launchpad CVE tracker

CVE 2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

Related bugs and status

CVE-2016-10149 (Candidate) is related to these bugs:

Bug #1750843: pysaml2 version in global requirements must be updated to 4.5.0

Summary				In	Importance	Status
	1750843	pysaml2 version in global requirements must be updated to 4.5.0		OpenStack Global Requirements	Undecided	Fix Released
	1750843	pysaml2 version in global requirements must be updated to 4.5.0		OpenStack Identity (keystone)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017011...
MISC: https://github.com/roh...
CONFIRM: https://bugs.debian.or...
CONFIRM: https://github.com/roh...
CONFIRM: https://github.com/roh...
DEBIAN: DSA-3759
BID: 97692
REDHAT: RHSA-2017:0936
REDHAT: RHSA-2017:0937
REDHAT: RHSA-2017:0938

Launchpad.net

CVE 2016-10149

Related bugs and status

Related bugs

References