On Thu, Mar 30, 2017 at 02:40:58PM -0400, Antoine Beaupre wrote:
> Package: python-pysaml2
> X-Debbugs-CC: t...@security.debian.org
>     secure-testing-t...@lists.alioth.debian.org
> Severity: normal
> Tags: security
>
> Hi,
>
> the following vulnerability was published for python-pysaml2.
>
> CVE-2016-10127[0]:
> | PySAML2 allows remote attackers to conduct XML external entity (XXE)
> | attacks via a crafted SAML XML request or response.

As a side note: It can be mentioned for this issue though that a proper
fix would be appropriate in the underlying issue in src:libxml2. Please
though see the whole discussion on oss-security around the CVE
assignment for details.

Regards,
Salvatore