Summary: | <dev-python/pysaml2-{4.0.2-r3,4.5.0}: Access restriction bypass (CVE-2017-1000433) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | Flags: | stable-bot:
sanity-check+
|
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/rohe/pysaml2/issues/451 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: |
dev-python/pysaml2-4.0.2-r3
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-01-09 14:42:24 UTC
@ Maintainer(s): Please cleanup and drop =dev-python/pysaml2-4.0.2-r1! GLSA Vote: Yes! New GLSA request filed. This issue was resolved and addressed in GLSA 201801-11 at https://security.gentoo.org/glsa/201801-11 by GLSA coordinator Thomas Deutschmann (whissi). This issue was resolved and addressed in GLSA 201801-11 at https://security.gentoo.org/glsa/201801-11 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for cleanup! @ Maintainer(s): Please cleanup an drop =dev-python/pysaml2-4.0.2-r1! keystone requires pysaml2 4.0.2 (tested with 4.5, didn't pass tests). I've patched 4.0.2 in r2, let me know if that's sufficient to stablize Looks like you have missed to patch "verify()" method. See https://github.com/jkakavas/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5 and https://github.com/jkakavas/pysaml2/blob/4.0.0/src/saml2/authn.py#L180 ok, fixed in 4.0.3-r3 OK, we now have to stabilize =dev-python/pysaml2-4.0.2-r3. I already updated the GLSA. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56e17e588296fd1522b5f468d9a35c920e3910a9 commit 56e17e588296fd1522b5f468d9a35c920e3910a9 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-01-12 19:34:01 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-01-12 19:34:01 +0000 dev-python/pysaml2: x86 stable Bug: https://bugs.gentoo.org/644016 Package-Manager: Portage-2.3.19, Repoman-2.3.6 dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} amd64 stable. Maintainer(s), please cleanup. cleaned up, removing from cc Repository is clean, all done. |