1 file changed, +7 -3 lines changed
@@ -78,9 +78,10 @@ GitHub’s guidance on managing these types of vulnerabilities.
7878
7979## List of published security advisories
8080
81- - CVE-2021 -21239 - PySAML2 - To be announced on 2021/01/20
82- - CVE-2021 -21238 - PySAML2 - To be announced on 2021/01/20
83- - [ CVE-2020 -5390] - PySAML2 - Improper Verification of Cryptographic Signature
81+ - [ CVE-2021 -21239] - PySAML2: Unspecified xmlsec1 key-type preference
82+ - [ CVE-2021 -21238] - PySAML2: Processing of invalid SAML XML documents
83+ - [ CVE-2020 -5390] - PySAML2: Improper Verification of Cryptographic Signature
84+ - [ CVE-2017 -1000246] - PySAML2: Always generate a random IV for AES operations
8485
8586
8687 [ idpy-incident-response ] : https://github.com/IdentityPython/Governance/blob/master/idpy-incidentresponse.md
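Review bot: The title added for CVE-2017-1000246, "Always generate a random IV for AES operations", reads as the remediation rather than the weakness, while the other three entries name the flaw itself ("Improper Verification of Cryptographic Signature", "Processing of invalid SAML XML documents"). Suggest rewording it to describe the problem, so a reader scanning the list can tell what was wrong without opening the advisory. The removed lines also carried a date ("To be announced on 2021/01/20") and the new ones carry none; consider adding the publication date or the fixed PySAML2 version to each entry, so that the list alone is enough to decide whether an installed version needs upgrading.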
@@ -91,4 +92,7 @@ GitHub’s guidance on managing these types of vulnerabilities.
9192 [ gh-sec-advisories ] : https://docs.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories
9293 [ gh-watch-individual ] : https://docs.github.com/en/github/managing-subscriptions-and-notifications-on-github/viewing-your-subscriptions#configuring-your-watch-settings-for-an-individual-repository
9394
95+ [ CVE-2017-1000246 ] : https://github.com/advisories/GHSA-cq94-qf6q-mf2h
9496 [ CVE-2020-5390 ] : https://github.com/advisories/GHSA-qf7v-8hj3-4xw7
97+ [ CVE-2021-21238 ] : https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
98+ [ CVE-2021-21239 ] : https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
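Review bot: The link targets in this hunk are inconsistent: CVE-2017-1000246 and the existing CVE-2020-5390 point to the global database under github.com/advisories/, while CVE-2021-21238 and CVE-2021-21239 point to the repository's own pages under IdentityPython/pysaml2/security/advisories/. Suggest using one form for all four, preferably the repository advisory where one exists, since that is the page the project maintains. The definitions here are also sorted oldest first while the list in the previous hunk is newest first; matching the order would make later additions easier to review.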