Format: 1.8 Date: Tue, 22 Jun 2021 11:16:50 -0400 Source: python-pysaml2 Binary: python-pysaml2 python3-pysaml2 python-pysaml2-doc Architecture: all Version: 4.0.2-0ubuntu3.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 2.x python-pysaml2-doc - SAML Version 2 to be used in a WSGI environment - doc python3-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 3.x Changes: python-pysaml2 (4.0.2-0ubuntu3.2) bionic-security; urgency=medium . * SECURITY UPDATE: improper verification of cryptographic signature - debian/patches/CVE-2021-21239.patch: restrict the key data that xmlsec1 accepts to only x509 certs in src/saml2/sigver.py, tests/test_xmlsec1_key_data.py, tests/xmlsec1-keydata/signed-assertion-random-embedded-cert.xml, tests/xmlsec1-keydata/signed-assertion-with-hmac.xml, tests/xmlsec1-keydata/signed-response-with-hmac.xml. - CVE-2021-21239 * debian/patches/update-test-metadata-expiration.patch: update test metadata expiration date in tests/metadata.aaitest.xml. * debian/patches/update-test-metadata-expiration-2.patch: allow tests to pass after 2020 in tests/InCommon-metadata.xml, tests/metadata.xml, tests/swamid-2.0.xml, tests/vo_metadata.xml. Checksums-Sha1: 94effb3b4e8ffaff6e436b2513fa109b05b53a0e 54748 python-pysaml2-doc_4.0.2-0ubuntu3.2_all.deb 80de12955a2e419bac4c1b661a82f0791e42578b 200300 python-pysaml2_4.0.2-0ubuntu3.2_all.deb 3226b6d6981710dbe2686d9498fccd645a150c9a 10011 python-pysaml2_4.0.2-0ubuntu3.2_amd64.buildinfo 8e77ebdcf49ca22f882b1aef67a97ff1bd269d33 200384 python3-pysaml2_4.0.2-0ubuntu3.2_all.deb Checksums-Sha256: 943bc2ad751f9e1c80357274505105f0822822a2f5bc13cfdb6cba5ce5f7e5bc 54748 python-pysaml2-doc_4.0.2-0ubuntu3.2_all.deb dbbe73c242aec4d16535da3d24dbe134c191cf1f3e9006fc67c183a745d44a32 200300 python-pysaml2_4.0.2-0ubuntu3.2_all.deb cb4b63164533c532a43e1bc74b9713434a28178030f03b7145be4b67792f6b8d 10011 python-pysaml2_4.0.2-0ubuntu3.2_amd64.buildinfo 09a76d1373143f1d4a2d213f170fb7ebd851168c1236b0e122002b92621c121b 200384 python3-pysaml2_4.0.2-0ubuntu3.2_all.deb Files: 9a170186759b716b02ac9c4d70a2038e 54748 doc optional python-pysaml2-doc_4.0.2-0ubuntu3.2_all.deb cafcede2278ff37a0f4d8ceada391a12 200300 python optional python-pysaml2_4.0.2-0ubuntu3.2_all.deb 21446ccb99270c7e93d7a4e495ac6bf8 10011 python optional python-pysaml2_4.0.2-0ubuntu3.2_amd64.buildinfo e806e9199a938e12cc654210cc6a1665 200384 python optional python3-pysaml2_4.0.2-0ubuntu3.2_all.deb Original-Maintainer: PKG OpenStack