author | Matthew Thode <prometheanfire@gentoo.org> | 2018-01-11 17:29:34 -0600 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2018-01-11 17:29:50 -0600 |
commit | 8c31196d00e344da82cf4facf4f6f5d2826c692a (patch) | |
tree | f4d3ede980a08e51116a3741dd268bbb2c66212c /dev-python/pysaml2/files | |
parent | app-admin/metalog: mark 3-r2 arm64/m68k/s390/sh stable (diff) | |
dev-python/pysaml2: fix bug 644016 CVE-2017-1000433
Package-Manager: Portage-2.3.14, Repoman-2.3.6
Diffstat (limited to 'dev-python/pysaml2/files')
-rw-r--r-- | dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
new file mode 100644
index 000000000000..e745263d236d
--- /dev/null
+++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
@@ -0,0 +1,14 @@
+diff -Naur pysaml2/src/saml2/authn.py pysaml2.new/src/saml2/authn.py
+--- 1/src/saml2/authn.py 2018-01-11 17:23:27.198775074 -0600
++++ 2/src/saml2/authn.py 2018-01-11 17:22:57.909567278 -0600
+@@ -147,7 +147,8 @@
+ return resp
+
+ def _verify(self, pwd, user):
+- assert is_equal(pwd, self.passwd[user])
++ if not is_equal(pwd, self.passwd[user]):
++ raise ValueError("Wrong password")
+
+ def verify(self, request, **kwargs):
+ """
+ |
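Review bot: The exception type raised by `_verify` changes from AssertionError to ValueError, but this one-hunk patch does not touch whatever catches it. The body of `verify()` starts on the last lines of the hunk and continues outside it, so its handler is not visible here. If it still catches only AssertionError (and KeyError for the `self.passwd[user]` lookup), a wrong password would propagate as an uncaught ValueError rather than producing the normal rejected-login response. The login still fails closed, but the patch should carry a second hunk updating that handler, along the lines of `except (ValueError, KeyError):`. A short comment on `_verify`, such as `# explicit raise: assert statements are removed under python -O`, would also keep the check from being turned back into an assert later.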