CVE-2017-1000433

Priority
Description
pysaml2 version 4.4.0 and older accept any password when run with Python
optimizations enabled. This allows attackers to log in as any user without
knowing their password.
Assigned-to
leosilva
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (3.0.0-3ubuntu1.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver): released (4.0.2-0ubuntu3)
Patches:
Upstream: https://github.com/rohe/pysaml2/commit/efe27e2f40bf1c35d847f935ba74b4b86aa90fb5

Updated: 2019-03-19 12:28:13 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)