On 8/13/2013 5:06 AM, Christian Heimes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CVE-2013-4238 has been signed to NULL bytes in subjectAltName issue.
assigned...
http://bugs.python.org/issue18709
http://www.openwall.com/lists/oss-security/2013/08/13/2
Should we assign a CVE to issue in ssl.match_hostname(), too? Even
more projects have copied our code (bzr, tornado, pip, setuptools):
http://bugs.python.org/issue17997
https://bugs.mageia.org/show_bug.cgi?id=10391
https://bugzilla.redhat.com/show_bug.cgi?id=963260#c11
I personlly thought that the CVE people did the assigning, or are you
talking about asking them? What are the implications of 'yes' versus
'no'? If a number would get more attention, and you think that needed,
do it.
--
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
