An XML XEE discovered in dev-python/pysaml2 by Matias P. Brutti.
dev-python/pysaml2 does not sanitize SAML XML requests or responses.
Upstream issue: https://github.com/rohe/pysaml2/issues/366
Upstream patch: https://github.com/fruechel/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
CVE request: http://www.openwall.com/lists/oss-security/2017/01/10/6
No release with it yet, and OpenStack requires <pysaml2-4.0.3 to avoid the pycryptodome change.
So... I backported the patch and released 4.0.2-r1.
Arches, please stabilize =dev-python/pysaml2-4.0.2-r1
Maintainer(s), please cleanup.
Security, please vote.
Cleaned up, removing from CC.
GLSA Vote: No
Repository is clean.
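To illustrate the report's point that SAML XML is parsed without sanitizing, here is an added example (not part of this bug thread, and not pysaml2's code or the upstream patch) of refusing DTDs and entity declarations before a message is turned into a tree. It uses only the Python standard library; `parse_saml_xml`, `UnsafeXML` and both sample messages are constructed for illustration.

```python
"""Added example: refuse DTDs and entities in SAML XML before building a tree."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when a message carries a DTD or an entity declaration."""


def _forbid(kind):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise UnsafeXML(f"{kind} is not allowed in a SAML message")
    return handler


def parse_saml_xml(data: bytes) -> ET.Element:
    """Hypothetical helper: scan with expat first, then parse with ElementTree."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    scanner.EntityDeclHandler = _forbid("entity declaration")
    scanner.UnparsedEntityDeclHandler = _forbid("unparsed entity declaration")
    scanner.ExternalEntityRefHandler = _forbid("external entity reference")
    scanner.Parse(data, True)    # raises UnsafeXML, or expat.ExpatError if malformed
    return ET.fromstring(data)   # reached only for DTD-free, well-formed input


# Constructed sample: a minimal, DTD-free AuthnRequest.
BENIGN = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed1" Version="2.0"/>'
)

# Constructed sample: the same request preceded by a DTD that declares an
# external entity (the URI is a placeholder and is never fetched).
WITH_DTD = (
    b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed2" Version="2.0">&e;</samlp:AuthnRequest>'
)

if __name__ == "__main__":
    print("accepted:", parse_saml_xml(BENIGN).tag)
    try:
        parse_saml_xml(WITH_DTD)
    except UnsafeXML as exc:
        print("rejected:", exc)
```

SAML messages have no legitimate need for a DOCTYPE, so rejecting the declaration outright is simpler to reason about than trying to resolve entities safely.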