1:40 p.m.
Dear users of IdentityPython,
this is a heads-up about two vulnerabilities affecting pySAML2.
Software that uses pySAML2 is indirectly affected, too (ie, SATOSA).
The issues were reported to the IdentityPython incident-response
mailing list and we have been working on a mitigation. A new version
of pySAML2 that includes the fixes will be released on Wednesday
20th of January between 13:00 CET and 17:00 CET. We urge
everyone to be prepared to update their setup to the latest version.
Kind regards,
Ivan Kanakarakis on behalf of the incident-response team
2:10 p.m.
New subject: Vulnerabilities affecting pySAML2 and forthcoming release
Hello everyone,
PySAML2 v6.5.0 has been released.
This is a security release with fixes for the two vulnerabilities that
we had mentioned before.
We urge you to update your setup to the latest pySAML2 version.
A new SATOSA release is on its way to accommodate for the security
release of this dependency.
References:
- https://pypi.org/project/pysaml2/6.5.0/
- https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0
-
https://github.com/IdentityPython/pysaml2/blob/master/CHANGELOG.md#650-2021…
- https://github.com/IdentityPython/pysaml2/security/advisories
Cheers,
On Thu, 7 Jan 2021 at 14:40, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Dear users of IdentityPython,
this is a heads-up about two vulnerabilities affecting pySAML2.
Software that uses pySAML2 is indirectly affected, too (ie, SATOSA).
The issues were reported to the IdentityPython incident-response
mailing list and we have been working on a mitigation. A new version
of pySAML2 that includes the fixes will be released on Wednesday
20th of January between 13:00 CET and 17:00 CET. We urge
everyone to be prepared to update their setup to the latest version.
Kind regards,
Ivan Kanakarakis on behalf of the incident-response team
--
Ivan c00kiemon5ter Kanakarakis >:3
12:21 a.m.
New subject: Vulnerabilities affecting pySAML2 and forthcoming release
Hello again,
an issue was reported regarding the schema checker and a new release -
v6.5.1 - is out to fix this.
- https://pypi.org/project/pysaml2/6.5.1/
- https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.1
Cheers,
On Wed, 20 Jan 2021 at 15:10, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Hello everyone,
PySAML2 v6.5.0 has been released.
This is a security release with fixes for the two vulnerabilities that
we had mentioned before.
We urge you to update your setup to the latest pySAML2 version.
A new SATOSA release is on its way to accommodate for the security
release of this dependency.
References:
- https://pypi.org/project/pysaml2/6.5.0/
- https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0
-
https://github.com/IdentityPython/pysaml2/blob/master/CHANGELOG.md#650-2021…
- https://github.com/IdentityPython/pysaml2/security/advisories
Cheers,
On Thu, 7 Jan 2021 at 14:40, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
--
Ivan c00kiemon5ter Kanakarakis >:3
Dear users of IdentityPython,
this is a heads-up about two vulnerabilities affecting pySAML2.
Software that uses pySAML2 is indirectly affected, too (ie, SATOSA).
The issues were reported to the IdentityPython incident-response
mailing list and we have been working on a mitigation. A new version
of pySAML2 that includes the fixes will be released on Wednesday
20th of January between 13:00 CET and 17:00 CET. We urge
everyone to be prepared to update their setup to the latest version.
Kind regards,
Ivan Kanakarakis on behalf of the incident-response team
--
Ivan c00kiemon5ter Kanakarakis >:3
1193
days inactive
1206
days old
2 comments
1 participants
participants (1)
-
ivan.kanak@gmail.com