[Python-Dev] SSL issues in Python stdlib and 3rd party code
Christian Heimes
christian at python.org
Tue Aug 13 11:06:27 CEST 2013
CVE-2013-4238 has been assigned to the NULL bytes in subjectAltName issue.
http://bugs.python.org/issue18709
http://www.openwall.com/lists/oss-security/2013/08/13/2
Should we assign a CVE to the issue in ssl.match_hostname(), too? Even
more projects have copied our code (bzr, tornado, pip, setuptools):
http://bugs.python.org/issue17997
https://bugs.mageia.org/show_bug.cgi?id=10391
https://bugzilla.redhat.com/show_bug.cgi?id=963260#c11
Christian