Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "binary_version": "4.5.0+dfsg1-0ubuntu2", "binary_name": "python-pysaml2" }, { "binary_version": "4.5.0+dfsg1-0ubuntu2", "binary_name": "python-pysaml2-doc" }, { "binary_version": "4.5.0+dfsg1-0ubuntu2", "binary_name": "python3-pysaml2" } ] }