pyOpenSSL not v26.0.0 (CVE-2026-27459)

[cxuanyi-w]

Hello Sir/Madam

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Right now we are using the latest pysaml2: v24.2.1

Will be an upgrade to pyOpenSSL to v26.0.0 and above?

Thanks!

[peppelinux]

waiting for this important update, I did it in my fork master...peppelinux:pysaml2:pplnx-v7.5.4-1