Your message dated Fri, 20 Sep 2013 21:06:50 +0000
with message-id <[email protected]>
and subject line Bug#722055: fixed in pyopenssl 0.13-2.1
has caused the Debian Bug report #722055,
regarding python-openssl: CVE-2013-4314: hostname check bypassing vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
722055: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-openssl
Version: 0.13-2+b2
Severity: important
Tags: security, fixed-upstream
https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
In all prior releases, the string formatting of subjectAltName
X509Extension instances incorrectly truncated fields of the name when
encountering NUL. String formatting of this extension will now include
the NUL byte (escaped) and any following bytes.
Additionally, a bug causing memory to be leaked for each call to
X509.get_extension has been fixed.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1005325
Please adjust affected version numbers accordingly.
---
Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: pyopenssl
Source-Version: 0.13-2.1
We believe that the bug you reported is fixed in the latest version of
pyopenssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated pyopenssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Sep 2013 11:07:42 +0200
Source: pyopenssl
Binary: python-openssl python-openssl-doc python-openssl-dbg python3-openssl
python3-openssl-dbg
Architecture: source all amd64
Version: 0.13-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
python-openssl - Python 2 wrapper around the OpenSSL library
python-openssl-dbg - Python 2 wrapper around the OpenSSL library (debug
extension)
python-openssl-doc - Python wrapper around the OpenSSL library (documentation
package)
python3-openssl - Python 3 wrapper around the OpenSSL library
python3-openssl-dbg - Python 3 wrapper around the OpenSSL library (debug
extension)
Closes: 722055
Changes:
pyopenssl (0.13-2.1) unstable; urgency=low
.
* Non-maintainer upload.
* Add CVE-2013-4314.patch patch.
CVE-2013-4314: Fix hostname check bypassing vulnerability with server
certificates that have a null byte in the subjectAltName. (Closes: #722055)
Checksums-Sha1:
e552acfc5fc6035b5199be5f071786ba26acbaea 2430 pyopenssl_0.13-2.1.dsc
28581c63f2379030f9e4b1012def1800df9a47e9 13466 pyopenssl_0.13-2.1.debian.tar.gz
76210186695af9d98ee9a4661d4ba1bf5576576e 139210
python-openssl-doc_0.13-2.1_all.deb
8805e1738bfc323f7024ce0edc98c0a95e996cc6 92442
python-openssl_0.13-2.1_amd64.deb
06cb0dc62acbbc9140daa3a2abb4b777d732633d 209042
python-openssl-dbg_0.13-2.1_amd64.deb
5001ff3a46fc3af4af947dabff59010d7d2ee57d 92088
python3-openssl_0.13-2.1_amd64.deb
2dc7f2cb3d6240176e2ca9c0451b7d968f5c2df2 223898
python3-openssl-dbg_0.13-2.1_amd64.deb
Checksums-Sha256:
926f8199fafd34e9959ad2295fad3fec09e0ba67c0fa2f14dac334474645a3f0 2430
pyopenssl_0.13-2.1.dsc
44b6d186636c18251beb783fe3a2694462a16e9b63e126e7c388b364d200cb47 13466
pyopenssl_0.13-2.1.debian.tar.gz
455fde5fec75196e4534171d62061a2116c0f362f3a0478413ca7075033b81c7 139210
python-openssl-doc_0.13-2.1_all.deb
043df34733b125ea0953f39418c14385694f77bfefab2f2b6b4e470179087e12 92442
python-openssl_0.13-2.1_amd64.deb
a15bb1aa0927f46ccdcd541e2f7d0a74de3edc199950298fb75096bc2c90a4d9 209042
python-openssl-dbg_0.13-2.1_amd64.deb
ca438b784578a1d157c4db8a6a6d944f992a119ff96db37798a0ace05d69d7da 92088
python3-openssl_0.13-2.1_amd64.deb
0055b5d7bada450dfc4054644784634fe12ef55deb4fdd9aef5d08c0d6b532b3 223898
python3-openssl-dbg_0.13-2.1_amd64.deb
Files:
91663e679867a194acd89d6e2943d2f5 2430 python optional pyopenssl_0.13-2.1.dsc
71f2ad69e321aa247c9290a979eb23c0 13466 python optional
pyopenssl_0.13-2.1.debian.tar.gz
8e4853c0462d0fda85831b788374d9f0 139210 doc optional
python-openssl-doc_0.13-2.1_all.deb
23f03e823f865e62e74e972e66d2f386 92442 python optional
python-openssl_0.13-2.1_amd64.deb
43de8aa6179aaebf1ee606ebef4cd58e 209042 debug extra
python-openssl-dbg_0.13-2.1_amd64.deb
62e2ae4bbb1a8baccfb812bbd898de53 92088 python optional
python3-openssl_0.13-2.1_amd64.deb
3e00a36d3fa4565f3f63ab7d3b786203 223898 debug extra
python3-openssl-dbg_0.13-2.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJSNhOWAAoJEHidbwV/2GP+AAoQAMWsRiUqM2sSWXw/NlaaXGwO
g6vmIVhpPg+nanW0tIDjkJfly3vNlDWzVoHkFoy/Rl+HyS+7nfn8mffnum0uuIPG
m3+dUlQ9nJv0eUjgxqr2NUJCy1Naa/v5EDx2qhkiadbnR6jLrBFGbjP0rkMSsKY+
juh+waKo9p4EvPNV63O3kxBQcygQvPho/PgNIWDK+ZaMhM3OQQw71l4WmQ3lurj8
Qp2wHPy0Frf/TqQeDd5ROPuWgd8HMvTo8wxpcjqqmc1berhEKGGIEGxwLre4w1kd
5HRacWEZyFAVcCk7mb3mDSCm74N1wUA/V7NUzYlAVoyFCFVMTtQc3f3YNnYtCH6w
84qIZE9601uXlz0OWObgjgvxm/koDOkI8kJNGjxPSnKyPFHmkqiZm7LBs6aIaFSO
Iq6hJAG1PwVfoDn+4EVg6nkdGI0m0VKBLWKTsMonzyc3oQWZjsiDZPsOTlYSxS4+
7tAmWWlnQOxgR54H+4HSGVOmKMLDzUajrPPHY5Qwczioz/eGZrUaMfARkNvtcsEt
6YbROwnk8xmMZj5yUSe4Mu4rjUhDveWIh73O48c3BnGS1jok+sc8xejr+reIbusQ
+8T1N4UXgzcEOsEIkDZMNb5BE0F5d16HwAp1BJK/7DsNhoE3CFH9Bh00OgfwgqLT
Fraq/Hs2ffaEctwr2G61
=IYsT
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
