-
python-pysaml2 (4.5.0-4+deb10u1) buster-security; urgency=medium
* CVE-2020-5390: does not check that the signature in a SAML document is
enveloped and thus signature wrapping is effective, i.e., it is affected by
XML Signature Wrapping (XSW). Applied upstream patch: Fix XML Signature
Wrapping (XSW) vulnerabilities (Closes: #949322).
* Remove a test file that will fail past 2020-11-28 (Closes: #949227).
* Add fix-importing-mock-in-py2.7.patch.
* Add remove-test_switch_1.patch.
-- Thomas Goirand <email address hidden> Fri, 07 Feb 2020 09:27:20 +0100
-
python-pysaml2 (4.5.0-4) unstable; urgency=medium
* CVE-2017-1000246: Reuse of AES initialization vector in AESCipher /
UsernamePasswordMako / Server. Backported upstream patch:
CVE-2017-1000246_Always_generate_a_random_IV_for_AES_operations.patch
(Closes: #882012).
-- Thomas Goirand <email address hidden> Fri, 07 Sep 2018 11:54:53 +0200
-
python-pysaml2 (4.0.2-3) unstable; urgency=medium
[ Ondřej Nový ]
* Running wrap-and-sort -bast
[ Thomas Goirand ]
* Sets http_proxy to the discard port to make sure tests aren't doing
network access.
* Add patch to also remove tests/test_83_md_extensions.py that fails
test discovery.
* Also removed test_load_extern_incommon() which is doing network access.
* Also removed test_enc1() failing for an unknown reason.
-- Thomas Goirand <email address hidden> Mon, 30 Apr 2018 10:24:47 +0000
-
python-pysaml2 (3.0.0-5) unstable; urgency=medium
[ Ondřej Nový ]
* Bumped debhelper compat version to 10
[ Thomas Goirand ]
* Add upstream patch for XML External Entity attack (Closes: #850716).
-- Thomas Goirand <email address hidden> Mon, 09 Jan 2017 16:28:55 +0100