[Python-Dev] SSL issues in Python stdlib and 3rd party code (original) (raw)
Christian Heimes christian at python.org
Tue Aug 13 11:06:27 CEST 2013
- Previous message: [Python-Dev] SSL issues in Python stdlib and 3rd party code
- Next message: [Python-Dev] SSL issues in Python stdlib and 3rd party code
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
CVE-2013-4238 has been signed to NULL bytes in subjectAltName issue.
http://bugs.python.org/issue18709 http://www.openwall.com/lists/oss-security/2013/08/13/2
Should we assign a CVE to issue in ssl.match_hostname(), too? Even more projects have copied our code (bzr, tornado, pip, setuptools):
http://bugs.python.org/issue17997 https://bugs.mageia.org/show_bug.cgi?id=10391 https://bugzilla.redhat.com/show_bug.cgi?id=963260#c11
Christian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJSCfcLAAoJEMeIxMHUVQ1FOC0P/0bPHK67qHbLf6HkHiVGNoAe NUX5oT28bm00RyfmjU9ZPA3RWnPjFL9yiVXqP0mWzs4OzdPjGrHkw+uH285d/rFv Di/Bcckq1lz/wzzsBeF/vviPVaSdV3tjlABgl/M6b902XhqEhZGg3RtiWmOvn+tc 1uKnXM4kWr/nUDbKYC2mBqbZD0IvN+XBQcy2cikjEtYcZc4QO80Dq9pL6g+3c4jH 7PpcMDyffsqD+Cd/PKK+Aq2tJOSHdHnK7V3/kTpRd+jheKSnq6idZYwQDU9sOkHT NcVjqJtFkhGTzSD7u1/kNtD0UEleXn8sOxJwBLjcAqg+dV0BUEJk8uwuUn4Mi9Di MaZbCs7NU/gPFdrS9pVxujaKaANbM4BJJwravA1/YYgPOGt1MhWlREbTg6W69w2+ 57/PXs2Vt1nHISEyvCJLkIDVHeZx8ccm57YJ+zEMI2MKIBP7+21zY3Yq+86RwHs0 /h2mkzj8EQVcwvaVT4XfjezMp0A6Tbh/iwIQEbY6zUQ8OSBlbQ7FhF8VNXOqb5fh pSVv0B6j1nNB8IaAAlMC56wRX2cmT8LvejUfGUq0duP+yiDYScknuqnhPePM1PZz oPHSDbbfLI5s0Ab9d0encKKWatNmeoml/V7td5PUEAicDHJ1WnTB+FM9Qxv3qNQn 5J+eNhg2Bjj2en8PnbFo =NiC2 -----END PGP SIGNATURE-----
- Previous message: [Python-Dev] SSL issues in Python stdlib and 3rd party code
- Next message: [Python-Dev] SSL issues in Python stdlib and 3rd party code
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]