[Python-modules-team] Bug#709070: marked as done (python(3)-urllib3: possible abuse of match_hostname() for DoS usings certs with many wildcards)

Debian Bug Tracking System Mon, 20 May 2013 12:06:38 -0700

Your message dated Mon, 20 May 2013 19:03:02 +0000
with message-id <[email protected]>
and subject line Bug#709070: fixed in python-urllib3 1.6-2
has caused the Debian Bug report #709070,
regarding python(3)-urllib3: possible abuse of match_hostname() for DoS usings 
certs with many wildcards
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
709070: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: python3
Version: 3.2.3-6
Severity: normal
Tags: security

CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
Upstream: http://bugs.python.org/issue17980

---
Henri Salo

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: python-urllib3
Source-Version: 1.6-2

We believe that the bug you reported is fixed in the latest version of
python-urllib3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniele Tricoli <[email protected]> (supplier of updated python-urllib3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 May 2013 19:34:17 +0200
Source: python-urllib3
Binary: python-urllib3 python3-urllib3
Architecture: source all
Version: 1.6-2
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team 
<[email protected]>
Changed-By: Daniele Tricoli <[email protected]>
Description: 
 python-urllib3 - HTTP library with thread-safe connection pooling for Python
 python3-urllib3 - HTTP library with thread-safe connection pooling for Python3
Closes: 709070
Changes: 
 python-urllib3 (1.6-2) unstable; urgency=high
 .
   * debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch
     - Added upstream patch to fix possible abuse of ssl.match_hostname()
       for denial of service using certificates with many wildcards
       (CVE-2013-2099) (Closes: #709070) Thanks Henri Salo and Jakub
       Wilk for the report
Checksums-Sha1: 
 5491321997b57c891e4c5207f0f0e310a575e168 2181 python-urllib3_1.6-2.dsc
 56b6f7bbe89272cd546666c7b9fc348f5fccfbd3 6706 
python-urllib3_1.6-2.debian.tar.gz
 23016197238c7a65505c8bc552750d902653feb5 39000 python-urllib3_1.6-2_all.deb
 d6b002ca09ac0d16cf2954a35a5ebcf1958cb0b0 37596 python3-urllib3_1.6-2_all.deb
Checksums-Sha256: 
 5618e1e6c3fc9fd7b05fdd77062cff0fba01750cc49ddd3cf4290a96f0f6b9b5 2181 
python-urllib3_1.6-2.dsc
 54f7dda5274c0ff13aa248fda300f0e91cfc188ed3e8bac173ea5a4de83a6b24 6706 
python-urllib3_1.6-2.debian.tar.gz
 484bd6a5a2baa3b25ccbf5ca2d28fef51729fcfb6be4062139a5f3b0c8a9e6a1 39000 
python-urllib3_1.6-2_all.deb
 eaaa4d2cca4ecfec59de3dc77843206f6209823371ef6911063a517d2361409d 37596 
python3-urllib3_1.6-2_all.deb
Files: 
 7b42f20671c2848e45c64dd639a53e48 2181 python optional python-urllib3_1.6-2.dsc
 a893ea4a37ac48c2e47760d779bceb7a 6706 python optional 
python-urllib3_1.6-2.debian.tar.gz
 8390d949d612302656bb49acf431a850 39000 python optional 
python-urllib3_1.6-2_all.deb
 767abad563ff05ad143f1617c9a4bda8 37596 python optional 
python3-urllib3_1.6-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRmnIzAAoJEK728aKnRXZFNukP/AyLcCY+bsZzZM7aAedpBFCQ
XXyExWEFSU0xNbHuARVatVAvD8DwbdMqzVEx3rQBnRgsMKYVjr607oP6VNvW0TY3
p2k54m6L9A9KZNbp6U36O37hJwCaWUq2UA19il7jode/175ElWbdn7R3wYVB4e1o
brblTatjHodRjTCX32okPRXoZcBfPwutchPKV1bzGa5VYTE05I6zZ11/CoTP7WkP
2h4QwhjA8yed+pag4UnzGTaMD86cqVZ8BEJsYKW/+aXY+GScNB2oOXaTF0ZaYaer
VwkhBrtHpETB8vH2IccerISr2vWHfhPQFtFp8cg60LYfnEaB6uvyo077HRxLUofX
saMw9U8fGVG3gdaEGCDo1v8nnrLx6w37w/9CKpYCQ01atCoKQLA/MxYYhhnQ9nuP
aFEJpO7IHVlOfi3Z/3BBStCSWSuvYq3JCq71RjzJn0X/DjBZt26EeZtq0NNo2Od8
9xMhFBdtOnXgtpOA0Q0tzRfv75nOzWbGhdcyWMRAn752Kqt1Q/5Yr+eg88a4lEEX
k+utmcztf+VTDTDh6OiCVeMfdBksuXw/DFIxdTH+KtUJV3NNH94JPNUDd2iAPWk5
WfetP+5uoNnWHYj1YbZdsJ8mTK10N6W5p4KRxCFYp1UX6G5hyN7hVOJ+9GyHRwoQ
XS124z9FiZdY1HNfKAZ9
=2052
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

[Python-modules-team] Bug#709070: marked as done (python(3)-urllib3: possible abuse of match_hostname() for DoS usings certs with many wildcards)

Reply via email to