Accepted python-pysaml2 4.5.0-4+deb10u1 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Feb 2020 09:27:20 +0100
Source: python-pysaml2
Binary: python-pysaml2 python-pysaml2-doc python3-pysaml2
Architecture: source all
Version: 4.5.0-4+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
python-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 2.x
python-pysaml2-doc - SAML Version 2 to be used in a WSGI environment - doc
python3-pysaml2 - SAML Version 2 to be used in a WSGI environment - Python 3.x
Closes: 949227 949322
Changes:
python-pysaml2 (4.5.0-4+deb10u1) buster-security; urgency=medium
.
* CVE-2020-5390: does not check that the signature in a SAML document is
enveloped and thus signature wrapping is effective, i.e., it is affected by
XML Signature Wrapping (XSW). Applied upstream patch: Fix XML Signature
Wrapping (XSW) vulnerabilities (Closes: #949322).
* Remove a test file that will fail past 2020-11-28 (Closes: #949227).
* Add fix-importing-mock-in-py2.7.patch.
* Add remove-test_switch_1.patch.
Checksums-Sha1:
bf1dd67d1c7c58a83ffb7835258201b98e5c0e87 2933 python-pysaml2_4.5.0-4+deb10u1.dsc
37d0cb194b322f858836282130ddea2e7fd352de 2694552 python-pysaml2_4.5.0.orig.tar.xz
fc4f63c29f46e62f2a34c4c6d8c435bcdc845a60 15212 python-pysaml2_4.5.0-4+deb10u1.debian.tar.xz
2f871221e72dfd08a755a75f50cbe434e292fab0 51268 python-pysaml2-doc_4.5.0-4+deb10u1_all.deb
34a8dcd2aab907e2b75010803d59b2fed9682dd1 202024 python-pysaml2_4.5.0-4+deb10u1_all.deb
ba1a64ece07f657d9862ce77fee5978693439988 11002 python-pysaml2_4.5.0-4+deb10u1_amd64.buildinfo
8866cceded75a98643850790fea817a576cca55d 202048 python3-pysaml2_4.5.0-4+deb10u1_all.deb
Checksums-Sha256:
7666259a25a9a905927bd07e3770bc51a2b11a354fc88eb144caa5060ef197ce 2933 python-pysaml2_4.5.0-4+deb10u1.dsc
3e1a807fc82998883d8648624fabcda57a446a198e297c36a14e7969c4c2ddc1 2694552 python-pysaml2_4.5.0.orig.tar.xz
c09d116988a6af9273c4f2a8a7b59b07d619ae0144e822f50b0900049a187b19 15212 python-pysaml2_4.5.0-4+deb10u1.debian.tar.xz
e2ba9e52d314a0467ecea1aa788071bd25f59fcd55e1c4d218df5dc3b915d131 51268 python-pysaml2-doc_4.5.0-4+deb10u1_all.deb
fc910e862e69769b5114d7d56dcb96faf34cc02570fc3fb3bd8959c00a197583 202024 python-pysaml2_4.5.0-4+deb10u1_all.deb
52fb3e3b3a2f6c7a5286c42fb1c922f5a7dc6436ffc8b0e5a826a38aab5a6a02 11002 python-pysaml2_4.5.0-4+deb10u1_amd64.buildinfo
f59e95ea531b8115b7e3c0917ab323e18f824878b8bbbdba775136ee7d23a8be 202048 python3-pysaml2_4.5.0-4+deb10u1_all.deb
Files:
692b1afb3c45e513ed0a0736e8d9a19d 2933 python optional python-pysaml2_4.5.0-4+deb10u1.dsc
87b88150b7507cce0d39c138aa09a31f 2694552 python optional python-pysaml2_4.5.0.orig.tar.xz
d90a7cf0feb7aad7b9cf09a0ddc5832f 15212 python optional python-pysaml2_4.5.0-4+deb10u1.debian.tar.xz
8b4cd0e61cc4e722fbe94e44178c2e97 51268 doc optional python-pysaml2-doc_4.5.0-4+deb10u1_all.deb
1438704a318fdb2af34f72ac0304e5bc 202024 python optional python-pysaml2_4.5.0-4+deb10u1_all.deb
c96a20c99d3fb3112ab4dafbd3904752 11002 python optional python-pysaml2_4.5.0-4+deb10u1_amd64.buildinfo
e1fb616220dbf9844d65613866aa6619 202048 python optional python3-pysaml2_4.5.0-4+deb10u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl5GfAEACgkQ1BatFaxr
Q/6bKRAAja+ZS/9pXqgztf9KXq6cuB0iplKLNGNRQkbiMdM4WYPxUGTjlsAj+8+A
dMpqsZ+GaS1noDOS+ZUDvhy7IlVczlMctam5+pIMvAYNb5X7100srTL2rYWJ7Ke0
NpsQ9+fR7y0Tm7bu94x6JunjRQkpVQYskZ6ZmGIIr+55CXp4QQuYjGbXN5RxZlQ3
2WbF5liQMgxsPmuVTcgqJJZni1OneAgMtag+0a1W28yR8Ijz9JalcbWOVlYpawXy
/wsMh/TVyGhcf6ZCDXaBDA0ucVXcWj9fqfR8kzducHltP1I4lwiaO8RwP3obtg0T
nJcdzHHQpT0vIoxcHSRAq7ADtf/JLaL3LgCCwAKc8RiKygMAJop7RIZf3O3HhJrL
FI387Y7oBrEUysoGXkHT0GS5sOvCoZJGoWjmFAGZBVAQwbMWdseibNXAWvi8KnlE
bCynkYnkrGr1U9QWTmD+gViPoK3NlL6L+KJiy+MtOA64/ZYScvymoEANc5Oi1+u1
X1LnIlO/LcI/a5H1pWz7k1QAA0JFA2y7olxJUIQQCjtx5dRkhPfbzxH0JTlqN/Ta
dzQq+zuAllcxVJcmyoFCVVwAuOIdON8g3hCeA0kedHXTHOpFW70jzbmklD+NA7+c
vkjR+FywcrNVT2XwL1NHQnSlGJ4Y+AY6+DRT/aHfdFCzh5Jq090=
=rl4C
-----END PGP SIGNATURE-----