python-pysaml2 (3.0.0-3ubuntu1.17.04.3) zesty-security; urgency=medium
  * SECURITY UPDATE: Any password can be used if optimizations are enabled
    - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
      to optimizations in src/saml2/authn.py.
    - CVE-2017-1000433
  * Adding fix for test 41 response
    - debian/patches/fix-test-41-response.patch
 -- <email address hidden> (Leonidas S. Barbosa) Fri, 05 Jan 2018 09:40:52 -0300
-
python-pysaml2 (3.0.0-3ubuntu1.17.04.1) zesty-security; urgency=medium
  * SECURITY UPDATE: External Entity vulnerability
    - debian/patches/CVE-2016-10149.patch: fixes XXE issues in
      setup.py, src/saml2/__init__.py, src/saml2/pack.py,
      src/saml2/soap.py, tests/test_03_saml2.py,
      tests/test_43_soap.py, tests/test_51_client.py.
    - CVE-2016-10149
  * Some tests fail in the upstream test suite. Adding the
    corresponding fix.
    - debian/patches/fix-tests.patch
 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Aug 2017 17:42:58 -0300
-
python-pysaml2 (3.0.0-3ubuntu1) xenial; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - debian/control: Drop runtime dependencies on python{,3}-repoze.who back
      to a Suggests, remove BD. Depend on pymongo 3.0 and higher.
    - debian/patches/disable-repoze.who-tests.patch: Skip hard requirement on
      repoze.who and dependent tests, as repoze.who is unmaintained and
      out-of-date in Debian and Ubuntu.
 -- Łukasz 'sil2100' Zemczak <email address hidden> Thu, 18 Feb 2016 12:53:50 +0100