python-pysaml2 (2.0.0-1+deb8u3) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * CVE-2020-5390: XML signature wrapping.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Wed, 26 Feb 2020 10:54:44 +0100

python-pysaml2 (2.0.0-1+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2017-1000433:
    Pysaml2 would accept any password when run with python optimizations
    enabled. This allows attackers to log in as any user without knowing their
    password. (Closes: #886423)

 -- Markus Koschany <apo@debian.org>  Sun, 01 Jul 2018 00:40:05 +0200

python-pysaml2 (2.0.0-1+deb8u1) jessie-security; urgency=medium

  * Fix XXE issues on anything where pysaml2 parses XML directly:
    - CVE-2016-10127: backporting upstream patch (Closes: #850716).
    - add python-defusedxml as runtime depends.
    - switch debian/gbp.conf to use debian/jessie as packaging branch.
  * Add python-pymongo as (build-)depends.

 -- Thomas Goirand <zigo@debian.org>  Mon, 09 Jan 2017 16:54:24 +0100

python-pysaml2 (2.0.0-1) unstable; urgency=medium

  * Initial release. (Closes: #760824)

 -- Thomas Goirand <zigo@debian.org>  Mon, 08 Sep 2014 16:11:53 +0800
