Package: python-pysaml2 / 3.0.0-5+deb9u1
Patch seriesview the series file
|fix xxe in xml parsing.patch | (download)||
1 1 + 0 - 0 !
[patch] fix xxe in xml parsing (related to #366) This fixes XXE issues on anything where pysaml2 parses XML directly as part of issue #366. It doesn't address the xmlsec issues discussed on that ticket as they are out of reach of a direct fix and need the underlying library to fix this issue.
|CVE 2020 5390.patch | (download)||
49 49 + 0 - 0 !
[patch] fix xml signature wrapping (xsw) vulnerabilities PySAML2 did not check that the signature in a SAML document is enveloped and thus XML signature wrapping (XSW) was effective.