Your message dated Fri, 20 Sep 2013 21:07:01 +0000
with message-id <[email protected]>
and subject line Bug#722055: fixed in pyopenssl 0.13-3.1
has caused the Debian Bug report #722055,
regarding python-openssl: CVE-2013-4314: hostname check bypassing vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
722055: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-openssl
Version: 0.13-2+b2
Severity: important
Tags: security, fixed-upstream
https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
In all prior releases, the string formatting of subjectAltName
X509Extension instances incorrectly truncated fields of the name when
encountering NUL. String formatting of this extension will now include
the NUL byte (escaped) and any following bytes.
Additionally, a bug causing memory to be leaked for each call to
X509.get_extension has been fixed.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1005325
Please adjust affected version numbers accordingly.
---
Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: pyopenssl
Source-Version: 0.13-3.1
We believe that the bug you reported is fixed in the latest version of
pyopenssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated pyopenssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 15 Sep 2013 16:59:07 +0200
Source: pyopenssl
Binary: python-openssl python-openssl-doc python-openssl-dbg python3-openssl
python3-openssl-dbg
Architecture: source amd64 all
Version: 0.13-3.1
Distribution: experimental
Urgency: low
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
python-openssl - Python 2 wrapper around the OpenSSL library
python-openssl-dbg - Python 2 wrapper around the OpenSSL library (debug
extension)
python-openssl-doc - Python wrapper around the OpenSSL library (documentation
package)
python3-openssl - Python 3 wrapper around the OpenSSL library
python3-openssl-dbg - Python 3 wrapper around the OpenSSL library (debug
extension)
Closes: 722055
Changes:
pyopenssl (0.13-3.1) experimental; urgency=low
.
* Non-maintainer upload.
* Add CVE-2013-4314.patch patch.
CVE-2013-4314: Fix hostname check bypassing vulnerability with server
certificates that have a null byte in the subjectAltName. (Closes: #722055)
Checksums-Sha1:
b8703cf5069584de4133fb9e3afdcbd1b3e5c6b3 2429 pyopenssl_0.13-3.1.dsc
effe54f335f87880beb701a438eca5614d0b0d51 13487 pyopenssl_0.13-3.1.debian.tar.gz
788c9771aa32039e675779d0730840656f26ba86 92288
python-openssl_0.13-3.1_amd64.deb
8de1b5ed2969215e0c61b88d6884ee657a458adb 139250
python-openssl-doc_0.13-3.1_all.deb
6a8cf02a7dd3646c9576beaf754ce3adfd94f76f 208936
python-openssl-dbg_0.13-3.1_amd64.deb
3f064c2764186b85e35e767d80cb5327d5284825 91982
python3-openssl_0.13-3.1_amd64.deb
538c8ddf4b36bcdfb1c9be776cc5778c8f9001ac 223814
python3-openssl-dbg_0.13-3.1_amd64.deb
Checksums-Sha256:
9971d668cf4b42eb79e7a12bdf7f803974dea5e04e9bd21820dbc86990fbab51 2429
pyopenssl_0.13-3.1.dsc
600870f969269a2c5bac0faf186e5fffae4f4031a9e3ec260715c2ed61c3f9d4 13487
pyopenssl_0.13-3.1.debian.tar.gz
7e3ecab18333deecbe59d9bbbf62cf13efd7600b2bd99ae7a2678e2b5be74bf4 92288
python-openssl_0.13-3.1_amd64.deb
e2935115af18775fa0df9a7f9f96bde92f95ac89d299e963c558bb4e373c496d 139250
python-openssl-doc_0.13-3.1_all.deb
9b16d09393e20d4f7525e1253ec1defa8c52567ee45f585136e8edc924d9474a 208936
python-openssl-dbg_0.13-3.1_amd64.deb
e3d00cbc66aff742911dfe6fa4238e04eae8b6fafbd445572993455e90611c1e 91982
python3-openssl_0.13-3.1_amd64.deb
136cdc1bdcd86cffdbe166279201025ccdc8aaf777afc005fc10505978d3a4ab 223814
python3-openssl-dbg_0.13-3.1_amd64.deb
Files:
954459a85c057db4bbda9fe33cc5d40f 2429 python optional pyopenssl_0.13-3.1.dsc
588afec1e88a143ecf355e5d53503211 13487 python optional
pyopenssl_0.13-3.1.debian.tar.gz
dc2a3ae1271bbb357a00f65647330f72 92288 python optional
python-openssl_0.13-3.1_amd64.deb
ac66334d43b6e7cfc7a359e8bfa1802e 139250 doc optional
python-openssl-doc_0.13-3.1_all.deb
318af4853e6f95ceea4f8997285da348 208936 debug extra
python-openssl-dbg_0.13-3.1_amd64.deb
8541d7b9ae791765a4ccdbf8478ff174 91982 python optional
python3-openssl_0.13-3.1_amd64.deb
366a0aecccb8a9990cdde41296911fed 223814 debug extra
python3-openssl-dbg_0.13-3.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJSNhVrAAoJEHidbwV/2GP+XycQANoYJyBvOukE6zMcafrD7JkS
A6s8hKuUed6ldQKRzxcLIhrxwhsRFamxEPwuhB1QYpUVBMcb9dCcRQ+JYP7FNJDc
2TXLCEBups74RJWBmkaaT4Vf0EA2YD86KKOtuzRM786g0q7kSOK1t08i7gfjuPWN
EYdlGBWQlJtuunZHmAShGAoxuKvLYiRlzCMxM1FJqKq5r5uKWuDRLn3EI71CZU/z
t+IAnM+8tVvjJ+NPjiOblsxjBUode1DP1cPgaUF+NyJ2o2sU7iCokRTDzW2w9PuK
DAAEX1g9iR2fCEcYqBtQTl0mo4j4jJPkdRbbBcCQSNU0VOzdR0PQPovKyc8BSAbe
1B8DQEGxTbE9hll+9EH+tHpl8sNfVUCRoY3kgRsygutpqdKHqjys4Od0YE06xQUW
uMFvXL8qcnnypd8LXGJzRI5BOVSJ2RUy8WIyYTOhTDH8aHE5qIhbUbkAEv7njh0F
wwFcHdAoirGWSeRMANTH4KLfGSrwMnKBtKJEfCuidp4V2hSJwqwvqhmVXoKrN8CR
5HlDsow9wfjXSGMhm/P/tomJ7At8oFSbXkOeVQM9eMMa+oUZxNsuB2iV+K825/x1
uctm72EGEccbUJUGtq4aELldkfDn3wF1Ng3QXCEx59JI8Ib5NlL+wqwQqHQJvQNg
KQp3+9QcLydWyPuxA95/
=oLSq
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
