-
python-pysaml2 (7.1.0-0ubuntu2) jammy; urgency=medium
* d/control: Drop old python3-crypto BD in favor of python3-cryptography.
-- Corey Bryant <email address hidden> Fri, 25 Mar 2022 16:40:43 -0400
-
python-pysaml2 (7.1.0-0ubuntu1) jammy; urgency=medium
* New upstream release for OpenStack Yoga.
* d/control: Bump debhelper compat to 13.
* d/p/use-importlib.resources-in-python-3.7.patch: Dropped. Fixed
upstream.
-- Corey Bryant <email address hidden> Wed, 12 Jan 2022 15:05:07 -0500
-
python-pysaml2 (7.0.1-2ubuntu1) jammy; urgency=medium
* d/control: Drop runtime dependency on python3-responses as this is
only used for mocking in unit tests.
* d/control: python3-repoze.who Depends -> Suggests as this is an
optional dependency.
-- James Page <email address hidden> Thu, 16 Dec 2021 11:45:11 +0000
-
python-pysaml2 (7.0.1-2) unstable; urgency=medium
* Uploading to unstable.
-- Thomas Goirand <email address hidden> Wed, 29 Sep 2021 13:21:09 +0200
-
python-pysaml2 (6.1.0-0ubuntu2) impish; urgency=medium
* SECURITY UPDATE: improper verification of cryptographic signature
- debian/patches/CVE-2021-21239.patch: restrict the key data that
xmlsec1 accepts to only x509 certs in src/saml2/sigver.py,
tests/test_xmlsec1_key_data.py,
tests/xmlsec1-keydata/signed-assertion-random-embedded-cert.xml,
tests/xmlsec1-keydata/signed-assertion-with-hmac.xml,
tests/xmlsec1-keydata/signed-response-with-hmac.xml.
- CVE-2021-21239
* debian/patches/python39compat.patch: fix FTBFS with Python 3.9.
-- Marc Deslauriers <email address hidden> Wed, 08 Sep 2021 09:24:25 -0400