Package: python-pysaml2 / 2.0.0-1+deb8u1

Metadata

Package Version Patches format
python-pysaml2 2.0.0-1+deb8u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2016 10127_fix xxe in xml parsing.patch | (download)

setup.py | 3 2 + 1 - 0 !
src/saml2/__init__.py | 5 3 + 2 - 0 !
src/saml2/pack.py | 3 2 + 1 - 0 !
src/saml2/soap.py | 7 4 + 3 - 0 !
tests/test_03_saml2.py | 27 27 + 0 - 0 !
tests/test_43_soap.py | 43 43 + 0 - 0 !
tests/test_51_client.py | 14 14 + 0 - 0 !
7 files changed, 95 insertions(+), 7 deletions(-)

 cve-2016-10127 fix xxe in xml parsing (related to #366)
 This fixes XXE issues on anything where pysaml2 parses XML directly as part of
 issue #366. It doesn't address the xmlsec issues discussed on that ticket as
 they are out of reach of a direct fix and need the underlying library to fix
 this issue.
 .
 The patch has been backported form the 3.0 branch to 2.0 by zigo@debian.org.