-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Jul 2018 00:40:05 +0200 Source: python-pysaml2 Binary: python-pysaml2 python-pysaml2-doc Architecture: source all Version: 2.0.0-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: python-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 2.x python-pysaml2-doc - SAML Version 2 to be used in a WSGI environment - doc Closes: 886423 Changes: python-pysaml2 (2.0.0-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-1000433: Pysaml2 would accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. (Closes: #886423) Checksums-Sha1: b0e27b3ea491728e19756dd884309582efcf527c 2548 python-pysaml2_2.0.0-1+deb8u2.dsc 3010995b31b0088bc5a075b0a772bdaf8bfe79f4 6576 python-pysaml2_2.0.0-1+deb8u2.debian.tar.xz b282835909c963dfb5fa064e77445ca77ddaa77e 177070 python-pysaml2_2.0.0-1+deb8u2_all.deb 533bdebb5ad6d6f7c1460cc8fdedd5469d80ff7b 38118 python-pysaml2-doc_2.0.0-1+deb8u2_all.deb Checksums-Sha256: 725324a9555e92a230b45b70375c1c8115c6898072a08f0bb6036f8364b17ac8 2548 python-pysaml2_2.0.0-1+deb8u2.dsc 1e90f8a36b512e525057ad5a3c857921ffe60151b31c5652cfe7a81e78af9c20 6576 python-pysaml2_2.0.0-1+deb8u2.debian.tar.xz d922bb013d8c521ae2fd4cac4e0084c071833740def39992e4ca725247ac5d64 177070 python-pysaml2_2.0.0-1+deb8u2_all.deb fa610cce00809f19c5ea488f3877fd6b26e04ff2fda4e4ebfe8ae42870c0e0d3 38118 python-pysaml2-doc_2.0.0-1+deb8u2_all.deb Files: 9f949f830e82a235c5e1676e31c5c8b6 2548 python optional python-pysaml2_2.0.0-1+deb8u2.dsc 8f2828ebdc7eb66952df61505dd7df0e 6576 python optional python-pysaml2_2.0.0-1+deb8u2.debian.tar.xz 8684f55bfcc7479f0128d90cc7aaefa9 177070 python optional python-pysaml2_2.0.0-1+deb8u2_all.deb 25f92ba512d29739ab3c94bbd7c4ce6b 38118 doc optional python-pysaml2-doc_2.0.0-1+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAls43fNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkeBEP/iAYSEOkXxgM2lqzKIt+ePIXGzGV/mA8f9qo JL/WPAkuXeDGdEcCqRGvmQTDL2p+IGjU9B32w/mnurS7n3eiEq8ikhrJkNtRQr/g wZafELulSzCLO69sDbGs/98Zl9SVrNPe2tez6PFuaeyHmqmHDR5YA+l8FqngYKZx 7JB7hl/AY7feLjmUOrw9KfNoMPQpsncg+Y2UdEGZFWxh5NNt3ffpx+N8y6bkDEPC Ml+r73Cj/GVmejMxJzZ8rcDKPYIPf44ctFz/uMjI6nn87h9tRqPrzYA8ONX1taiM z6iebDS7OKePwp4vqoIRC3VlhCABUiexpLaIsaDiJDNrWS61/AlJVV6VZVDaBssR gGhPH8lS0cxTDmnDiSLFY09mBAVh/n5G/1xabukhm2TprnKuYby+5uVFnH8cBdBh vB9ZX6ocpFcbV0Qw5cLSfmFaAWMtaaSM+RakNwLHCEU2vz7tLExBiSMZY//EzCnQ G5M/J4aydHaFKiNf0c8UloZvBIYS4sxUz7lc2QzUpt5eVSFud1O974lgcMJOtSzV Xlol+i9LuRjVNGNyAjEaf4B8gP2IITC92k6kvof/REOfhR1KVG/mzejFlMnV8g6k vQhpTjQv1SW2zGtB8k429P4V5gRHYo69v+RA7mc5LvUWnKdzQGnlbNt+5YfqkDFd jA1mtS/u =EiJf -----END PGP SIGNATURE-----
