-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 07 Feb 2020 09:27:20 +0100 Source: python-pysaml2 Binary: python-pysaml2 python-pysaml2-doc python3-pysaml2 Architecture: source all Version: 4.5.0-4+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Description: python-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 2.x python-pysaml2-doc - SAML Version 2 to be used in a WSGI environment - doc python3-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 3.x Closes: 949227 949322 Changes: python-pysaml2 (4.5.0-4+deb10u1) buster-security; urgency=medium . * CVE-2020-5390: does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Applied upstream patch: Fix XML Signature Wrapping (XSW) vulnerabilities (Closes: #949322). * Remove a test file that will fail past 2020-11-28 (Closes: #949227). * Add fix-importing-mock-in-py2.7.patch. * Add remove-test_switch_1.patch. Checksums-Sha1: bf1dd67d1c7c58a83ffb7835258201b98e5c0e87 2933 python-pysaml2_4.5.0-4+deb10u1.dsc 37d0cb194b322f858836282130ddea2e7fd352de 2694552 python-pysaml2_4.5.0.orig.tar.xz fc4f63c29f46e62f2a34c4c6d8c435bcdc845a60 15212 python-pysaml2_4.5.0-4+deb10u1.debian.tar.xz 2f871221e72dfd08a755a75f50cbe434e292fab0 51268 python-pysaml2-doc_4.5.0-4+deb10u1_all.deb 34a8dcd2aab907e2b75010803d59b2fed9682dd1 202024 python-pysaml2_4.5.0-4+deb10u1_all.deb ba1a64ece07f657d9862ce77fee5978693439988 11002 python-pysaml2_4.5.0-4+deb10u1_amd64.buildinfo 8866cceded75a98643850790fea817a576cca55d 202048 python3-pysaml2_4.5.0-4+deb10u1_all.deb Checksums-Sha256: 7666259a25a9a905927bd07e3770bc51a2b11a354fc88eb144caa5060ef197ce 2933 python-pysaml2_4.5.0-4+deb10u1.dsc 3e1a807fc82998883d8648624fabcda57a446a198e297c36a14e7969c4c2ddc1 2694552 python-pysaml2_4.5.0.orig.tar.xz c09d116988a6af9273c4f2a8a7b59b07d619ae0144e822f50b0900049a187b19 15212 python-pysaml2_4.5.0-4+deb10u1.debian.tar.xz e2ba9e52d314a0467ecea1aa788071bd25f59fcd55e1c4d218df5dc3b915d131 51268 python-pysaml2-doc_4.5.0-4+deb10u1_all.deb fc910e862e69769b5114d7d56dcb96faf34cc02570fc3fb3bd8959c00a197583 202024 python-pysaml2_4.5.0-4+deb10u1_all.deb 52fb3e3b3a2f6c7a5286c42fb1c922f5a7dc6436ffc8b0e5a826a38aab5a6a02 11002 python-pysaml2_4.5.0-4+deb10u1_amd64.buildinfo f59e95ea531b8115b7e3c0917ab323e18f824878b8bbbdba775136ee7d23a8be 202048 python3-pysaml2_4.5.0-4+deb10u1_all.deb Files: 692b1afb3c45e513ed0a0736e8d9a19d 2933 python optional python-pysaml2_4.5.0-4+deb10u1.dsc 87b88150b7507cce0d39c138aa09a31f 2694552 python optional python-pysaml2_4.5.0.orig.tar.xz d90a7cf0feb7aad7b9cf09a0ddc5832f 15212 python optional python-pysaml2_4.5.0-4+deb10u1.debian.tar.xz 8b4cd0e61cc4e722fbe94e44178c2e97 51268 doc optional python-pysaml2-doc_4.5.0-4+deb10u1_all.deb 1438704a318fdb2af34f72ac0304e5bc 202024 python optional python-pysaml2_4.5.0-4+deb10u1_all.deb c96a20c99d3fb3112ab4dafbd3904752 11002 python optional python-pysaml2_4.5.0-4+deb10u1_amd64.buildinfo e1fb616220dbf9844d65613866aa6619 202048 python optional python3-pysaml2_4.5.0-4+deb10u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl5GfAEACgkQ1BatFaxr Q/6bKRAAja+ZS/9pXqgztf9KXq6cuB0iplKLNGNRQkbiMdM4WYPxUGTjlsAj+8+A dMpqsZ+GaS1noDOS+ZUDvhy7IlVczlMctam5+pIMvAYNb5X7100srTL2rYWJ7Ke0 NpsQ9+fR7y0Tm7bu94x6JunjRQkpVQYskZ6ZmGIIr+55CXp4QQuYjGbXN5RxZlQ3 2WbF5liQMgxsPmuVTcgqJJZni1OneAgMtag+0a1W28yR8Ijz9JalcbWOVlYpawXy /wsMh/TVyGhcf6ZCDXaBDA0ucVXcWj9fqfR8kzducHltP1I4lwiaO8RwP3obtg0T nJcdzHHQpT0vIoxcHSRAq7ADtf/JLaL3LgCCwAKc8RiKygMAJop7RIZf3O3HhJrL FI387Y7oBrEUysoGXkHT0GS5sOvCoZJGoWjmFAGZBVAQwbMWdseibNXAWvi8KnlE bCynkYnkrGr1U9QWTmD+gViPoK3NlL6L+KJiy+MtOA64/ZYScvymoEANc5Oi1+u1 X1LnIlO/LcI/a5H1pWz7k1QAA0JFA2y7olxJUIQQCjtx5dRkhPfbzxH0JTlqN/Ta dzQq+zuAllcxVJcmyoFCVVwAuOIdON8g3hCeA0kedHXTHOpFW70jzbmklD+NA7+c vkjR+FywcrNVT2XwL1NHQnSlGJ4Y+AY6+DRT/aHfdFCzh5Jq090= =rl4C -----END PGP SIGNATURE-----