Hi Thomas, On Fri, Jan 20, 2017 at 11:02:56AM +0100, Thomas Goirand wrote: > On 01/19/2017 08:02 PM, Salvatore Bonaccorso wrote: > > Hi, > > > > On Mon, Jan 09, 2017 at 04:28:40PM +0100, Thomas Goirand wrote: > >> there was a security hole fixed in python-pysaml2, which allowed XML > >> External Entity attacks: > >> https://github.com/rohe/pysaml2/pull/379 > >> https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b > > > > Apparently there was some confusion. To be clear, the above commit now > > after re-clarification from MITRE is CVE-2016-10149[1], which means > > the initially assigned CVE for the XXE vulnerability in pysaml2 is > > still unfixed. Will open another bug for it. See the comments in the > > references oss-security post for details. > > > > [1] https://marc.info/?l=oss-security&m=148484731923389&w=2 > > > > Regards, > > Salvatore > > Is there a new patch available?
No, TTBOMK, there is no fix yet for that. Regards, Salvatore
