An XML XEE discovered in dev-python/pysaml2 by Matias P. Brutti. dev-python/pysaml2 does not sanitize SAML XML requests or responses.
Upstream issue: https://github.com/rohe/pysaml2/issues/366
Upstream patch: https://github.com/fruechel/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
CVE request: http://www.openwall.com/lists/oss-security/2017/01/10/6
No release with it yet, and OpenStack requires <pysaml2-4.0.3 to avoid the pycryptodome change, so I backported the patch and released 4.0.2-r1.
Arches, please stabilize =dev-python/pysaml2-4.0.2-r1
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Cleaned up, removing from CC.
GLSA Vote: No.
Repository is clean.