On Thu, Mar 30, 2017 at 09:27:56PM +0200, Salvatore Bonaccorso wrote:
> On Thu, Mar 30, 2017 at 02:40:58PM -0400, Antoine Beaupre wrote:
> > Package: python-pysaml2
> > X-Debbugs-CC: t...@security.debian.org
> > secure-testing-t...@lists.alioth.debian.org
> > Severity: normal
> > Tags: security
> >
> > Hi,
> >
> > the following vulnerability was published for python-pysaml2.
> >
> > CVE-2016-10127[0]:
> > | PySAML2 allows remote attackers to conduct XML external entity (XXE)
> > | attacks via a crafted SAML XML request or response.
>
> As a side note: It can be mentioned for this issue though that a
> proper fix would be appropriate in the underlying issue in
> src:libxml2. Please though see the whole discussion on oss-security
> around the CVE assignment for details.

And https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12.

Salvatore
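
An application-level guard against the XXE class discussed in this thread, as an added example that is not part of the original messages and is not pysaml2 or libxml2 code: it refuses any SAML message that carries a DOCTYPE or entity declaration before the message is handed to the real parser. The function names and both sample messages are constructed for illustration, and the check assumes that legitimate SAML messages never carry a DTD.

```python
import xml.parsers.expat


class RejectedXML(ValueError):
    """Raised when a message is malformed or carries a DTD/entity declaration."""


def check_saml_xml(data: bytes) -> None:
    """Scan `data` with expat and raise RejectedXML on any DTD construct.

    Assumption: SAML messages are schema-defined and never need a DOCTYPE,
    so every DOCTYPE or entity declaration is refused outright.
    """
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedXML(f"DOCTYPE declaration not allowed: {name!r}")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise RejectedXML(f"entity declaration not allowed: {name!r}")

    def forbid_external(context, base, sysid, pubid):
        raise RejectedXML(f"external entity reference not allowed: {sysid!r}")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXML(f"not well-formed XML: {exc}") from exc


def is_safe_saml_xml(data: bytes) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_saml_xml(data)
    except RejectedXML:
        return False
    return True


# Constructed sample messages (not taken from the thread).
NS = b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
BENIGN = b'<samlp:AuthnRequest ' + NS + b' ID="_constructed1" Version="2.0"/>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
            b'<samlp:AuthnRequest ' + NS + b' ID="_constructed2">&e;</samlp:AuthnRequest>')
```

Run the check on the raw bytes of every incoming request or response, before signature validation or any other XML processing touches them.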