-
python-pysaml2 (4.9.0-0ubuntu3.1) focal-security; urgency=medium
* SECURITY UPDATE: improper verification of cryptographic signature
- debian/patches/CVE-2021-21239.patch: restrict the key data that
xmlsec1 accepts to only x509 certs in src/saml2/sigver.py,
tests/test_xmlsec1_key_data.py,
tests/xmlsec1-keydata/signed-assertion-random-embedded-cert.xml,
tests/xmlsec1-keydata/signed-assertion-with-hmac.xml,
tests/xmlsec1-keydata/signed-response-with-hmac.xml.
- CVE-2021-21239
-- Marc Deslauriers <email address hidden> Tue, 22 Jun 2021 11:06:36 -0400
-
python-pysaml2 (4.9.0-0ubuntu3) focal; urgency=medium
* d/p/update-test-metadata-expiration.patch: Cherry pick fix to update
test metadata expiration to 2999 resolving FTBFS (LP: #1870077).
-- James Page <email address hidden> Fri, 03 Apr 2020 11:26:41 +0100
-
python-pysaml2 (4.9.0-0ubuntu2) focal; urgency=medium
* SECURITY UPDATE: Signature in SAML doc not checked properly
- debian/patches/CVE-2020-5390.patch: fix XML signature wrapping
(XSW) in src/saml2/sigver.py, tests/saml2_response_xsw.xml,
tests/test_xsw.py.
- CVE-2020-5390
-- <email address hidden> (Leonidas S. Barbosa) Tue, 21 Jan 2020 15:07:23 -0300
-
python-pysaml2 (4.9.0-0ubuntu1) focal; urgency=medium
* d/control, d/rules, d/*.{postinst,prerm,postrm}: Drop py2 support
as there are no more reverse-depends.
* d/copyright: Drop Files-Excluded. The latest release tarballs no longer
include these files.
* d/watch: Get tarball from github as pypi version is missing files.
* New upstream release for OpenStack Ussuri.
* d/p/fix-test-pathing.patch: Dropped. Test no longer exists.
* d/p/skip-online-tests.patch: Rebased.
* d/rules: Switch to pybuild and 'python3 -m sphinx'.
-- Corey Bryant <email address hidden> Fri, 13 Dec 2019 16:59:07 -0500
-
python-pysaml2 (4.5.0+dfsg1-0ubuntu2) cosmic; urgency=medium
* d/p/skip-online-tests.patch: test_load_remote_encoding skip,
online test.
-- James Page <email address hidden> Tue, 14 Aug 2018 13:50:48 +0100
