[Python-Dev] SSL issues in Python stdlib and 3rd party code
Terry Reedy
tjreedy at udel.edu
Tue Aug 13 18:37:45 CEST 2013
On 8/13/2013 5:06 AM, Christian Heimes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> CVE-2013-4238 has been signed to NULL bytes in subjectAltName issue.
assigned...
>
> http://bugs.python.org/issue18709
> http://www.openwall.com/lists/oss-security/2013/08/13/2
>
> Should we assign a CVE to issue in ssl.match_hostname(), too? Even
> more projects have copied our code (bzr, tornado, pip, setuptools):
>
> http://bugs.python.org/issue17997
> https://bugs.mageia.org/show_bug.cgi?id=10391
> https://bugzilla.redhat.com/show_bug.cgi?id=963260#c11
I personlly thought that the CVE people did the assigning, or are you
talking about asking them? What are the implications of 'yes' versus
'no'? If a number would get more attention, and you think that needed,
do it.
--
Terry Jan Reedy
More information about the Python-Dev
mailing list