CVE-2013-2217

Advisory

Suds-community 0.7.0 addresses CVE-2013-2217.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

- Static (automatic)
`Import.bind('http://schemas.xmlsoap.org/soap/encoding/')`, users no
longer need to do this.
- Basic ws-security with {{{UsernameToken}}} and clear-text password
only.
- Add support for `sparse` SOAP headers via passing dictionary.
- Add support for arbitrary user defined SOAP headers.
- Fixes service operations with multiple SOAP header entries.
- Schema loading and dereferencing algorithm enhancements.
- Nested SOAP multirefs fixed.
- Better (true) support for `elementFormDefault="unqualified"`
provides more accurate namespacing.
- WSDL part types no longer default to WSDL `targetNamespace`.
- Fixed Tickets: 4, 6, 21, 32, 62, 66, 71, 72, 114,
155, 201.

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2217
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html
• http://www.openwall.com/lists/oss-security/2013/06/27/8
• https://bugzilla.redhat.com/show_bug.cgi?id=978696
• http://www.ubuntu.com/usn/USN-2008-1