CVE-2016-10149

Priority
Medium
Description
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows
remote attackers to read arbitrary files via a crafted SAML XML request or
response.
References
Bugs
Package
Upstream:released (3.0.0-5)
Ubuntu 17.10 (Artful Aardvark):released (3.0.0-3ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.0.0-3ubuntu1.16.04.1)
Ubuntu 17.04 (Zesty Zapus):released (3.0.0-3ubuntu1.17.04.1)
Patches:
Upstream:https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
More Information

Updated: 2017-09-14 18:14:40 UTC (commit 13331)