CVE-2016-10149

Published: 24/03/2017 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and previous versions allows remote malicious users to read arbitrary files via a crafted SAML XML request or response.

Vulnerable Products

pysaml2 project: pysaml2

debian: debian linux 8.0

Vendor Advisories

Debian Bug report logs - #850716 python-pysaml2: CVE-2016-10149. Package: src:python-pysaml2; Maintainer for src:python-pysaml2 is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org>; Date: Mon, 9 Jan 2017 15:30:05 UTC; Severity: serious; Tags: patch, security, upstream F ...
The system could be made to expose sensitive information ...
Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. For the stable distribution (jessie), this problem has been fixed ...
Synopsis: Moderate: python-defusedxml and python-pysaml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Moderate: python-defusedxml and python-pysaml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact o ...
Synopsis: Moderate: python-defusedxml and python-pysaml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact ...
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion ...