[security] python-openid / XXE ?
romanvinohradsky at seznam.cz
romanvinohradsky at seznam.cz
Tue Jan 28 16:47:25 UTC 2014
Hello list,
it has come to my attention that this: http://www.ubercomp.com/posts/2014-01
-16_facebook_remote_code_execution
(http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution)
exists.
Reginaldo mentions "I won't enumerate the libraries here, but let me just
say that this single bug affected, in one way or another, libraries
implemented in Java, C#, PHP, Ruby, Python, Perl, and then more..."
I run a server with python-openid and I would like to know whether this bug
also affects the python implementation. If it does, it would be nice to have
a fix or workaround in the meantime.
Thanks,
Roman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20140128/ebe61ba5/attachment.html>
More information about the security
mailing list