Your message dated Mon, 09 Jan 2017 21:18:47 +0000
with message-id <e1cqhl5-00008s...@fasolo.debian.org>
and subject line Bug#850716: fixed in python-pysaml2 3.0.0-5
has caused the Debian Bug report #850716,
regarding XML External Entity attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
850716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-pysaml2
Severity: serious
Tags: security patch
As per report from user:
-------- Forwarded Message --------
Subject: python-pysaml2 XEE vulnerability
Date: Mon, 9 Jan 2017 14:50:41 +0100
From: Florian Best <b...@univention.de>
Organization: Univention GmbH
To: z...@debian.org
CC: openstack-de...@lists.alioth.debian.org
Dear Debian python-pysaml2 maintainers,
there was a security hole fixed in python-pysaml2, which allowed XML
External Entity attacks:
https://github.com/rohe/pysaml2/pull/379
https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
Could you please release a security update?
Best regards,
Florian
--- End Message ---
--- Begin Message ---
Source: python-pysaml2
Source-Version: 3.0.0-5
We believe that the bug you reported is fixed in the latest version of
python-pysaml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 850...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated python-pysaml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 09 Jan 2017 16:28:55 +0100
Source: python-pysaml2
Binary: python-pysaml2 python3-pysaml2 python-pysaml2-doc
Architecture: source all
Version: 3.0.0-5
Distribution: unstable
Urgency: medium
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
python-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 2.x
python-pysaml2-doc - SAML Version 2 to be used in a WSGI environment - doc
python3-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 3.x
Closes: 850716
Changes:
python-pysaml2 (3.0.0-5) unstable; urgency=medium
.
[ Ondřej Nový ]
* Bumped debhelper compat version to 10
.
[ Thomas Goirand ]
* Add upstream patch for XML External Entity attack (Closes: #850716).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---