oss-sec mailing list archives
CVE request: python-pysaml2 XML external entity attack
From: Sébastien Delafond <seb () debian org>
Date: Tue, 10 Jan 2017 08:29:39 +0100
Hello, the Debian security team would like to request a CVE for an XML XEE discovered in python-pysaml2 by Matias P. Brutti; python-pysaml2 does not sanitize SAML XML requests or responses: https://github.com/rohe/pysaml2/issues/366 https://github.com/rohe/pysaml2/pull/379 https://bugs.debian.org/850716 Cheers, --Seb
Current thread:
- CVE request: python-pysaml2 XML external entity attack Sébastien Delafond (Jan 10)
- Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 10)
- Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert (Jan 10)
- Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert (Jan 18)
- Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 19)
- Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 10)