[Python-modules-team] Bug#722055: marked as done (python-openssl: CVE-2013-4314: hostname check bypassing vulnerability)

Debian Bug Tracking System Tue, 24 Sep 2013 14:53:54 -0700

Your message dated Tue, 24 Sep 2013 21:47:06 +0000
with message-id <[email protected]>
and subject line Bug#722055: fixed in pyopenssl 0.13-2+deb7u1
has caused the Debian Bug report #722055,
regarding python-openssl: CVE-2013-4314: hostname check bypassing vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
722055: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: python-openssl
Version: 0.13-2+b2
Severity: important
Tags: security, fixed-upstream

https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html

In all prior releases, the string formatting of subjectAltName
X509Extension instances incorrectly truncated fields of the name when
encountering NUL.  String formatting of this extension will now include
the NUL byte (escaped) and any following bytes.

Additionally, a bug causing memory to be leaked for each call to
X509.get_extension has been fixed.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1005325

Please adjust affected version numbers accordingly.

---
Henri Salo

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: pyopenssl
Source-Version: 0.13-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
pyopenssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated pyopenssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Sep 2013 19:20:53 +0200
Source: pyopenssl
Binary: python-openssl python-openssl-doc python-openssl-dbg python3-openssl 
python3-openssl-dbg
Architecture: source all amd64
Version: 0.13-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Python Modules Team 
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description: 
 python-openssl - Python 2 wrapper around the OpenSSL library
 python-openssl-dbg - Python 2 wrapper around the OpenSSL library (debug 
extension)
 python-openssl-doc - Python wrapper around the OpenSSL library (documentation 
package)
 python3-openssl - Python 3 wrapper around the OpenSSL library
 python3-openssl-dbg - Python 3 wrapper around the OpenSSL library (debug 
extension)
Closes: 722055
Changes: 
 pyopenssl (0.13-2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-4314.patch patch.
     CVE-2013-4314: Fix hostname check bypassing vulnerability with server
     certificates that have a null byte in the subjectAltName. (Closes: #722055)
Checksums-Sha1: 
 a8f14997710d936a2e267580188d978f263ce199 2450 pyopenssl_0.13-2+deb7u1.dsc
 b4de25c5e4e9d9bc375c419071efc45fa96d5597 250489 pyopenssl_0.13.orig.tar.gz
 b74cd7fdcb4d1ccd23518acb5d07932f082dc8e3 13566 
pyopenssl_0.13-2+deb7u1.debian.tar.gz
 3368aff9d3b1590f0b88136c624dd22e8c3b1618 144954 
python-openssl-doc_0.13-2+deb7u1_all.deb
 9fc01b3fb1d8ecb56bc6d9ec9eb0afefad62637d 175298 
python-openssl_0.13-2+deb7u1_amd64.deb
 b73d866f0f9d8f7865481c65a171064b832e8e64 781714 
python-openssl-dbg_0.13-2+deb7u1_amd64.deb
 95df8fee9beceadfe67c2e80ac0acb0a91281caa 117126 
python3-openssl_0.13-2+deb7u1_amd64.deb
 6e152b0dddcd187ab3000bba06f8c855e40e684d 398044 
python3-openssl-dbg_0.13-2+deb7u1_amd64.deb
Checksums-Sha256: 
 b1c9ca7f20e38ae681ba8738be827afd8afb736f2ef865f87fae8e6fb00dace7 2450 
pyopenssl_0.13-2+deb7u1.dsc
 21e12b03abaa0e04ecc8cd9c251598f71bae11c9f385304234e4ea5618c6163b 250489 
pyopenssl_0.13.orig.tar.gz
 c900b8e2623f628d3e1a96378a8b7849b34adb698b86aadbcb7657ec0852e4c9 13566 
pyopenssl_0.13-2+deb7u1.debian.tar.gz
 060391cb124b60cbcec301b00c27bd3c550eb2689f6ee54de5e3a11a5c9fec33 144954 
python-openssl-doc_0.13-2+deb7u1_all.deb
 06bcb8875ee7ced036faddad0babdce1459d477de7f228a52941914fdd9c0d59 175298 
python-openssl_0.13-2+deb7u1_amd64.deb
 4af43fa965f8b8c6b8768b1e19722be7ff63c27239ce723313a7e2cdaa4468e5 781714 
python-openssl-dbg_0.13-2+deb7u1_amd64.deb
 dfae6dec125f8a51576809465da495ff984643c9600f8c5d2ccde401064c19ab 117126 
python3-openssl_0.13-2+deb7u1_amd64.deb
 98cd276dad62516ff553bccc033e5421229038454ecb47f463dfa9aba24ec35b 398044 
python3-openssl-dbg_0.13-2+deb7u1_amd64.deb
Files: 
 96078564b3a50e645a18c0c6f98896f1 2450 python optional 
pyopenssl_0.13-2+deb7u1.dsc
 767bca18a71178ca353dff9e10941929 250489 python optional 
pyopenssl_0.13.orig.tar.gz
 e63ea2ac0706072040d58d96cc97084a 13566 python optional 
pyopenssl_0.13-2+deb7u1.debian.tar.gz
 c5f0074140d84587a395132fe8c79aca 144954 doc optional 
python-openssl-doc_0.13-2+deb7u1_all.deb
 a8e486b2d854e62ccfacdb076de85485 175298 python optional 
python-openssl_0.13-2+deb7u1_amd64.deb
 8825a668d698b307bdd2357a582fd189 781714 debug extra 
python-openssl-dbg_0.13-2+deb7u1_amd64.deb
 2d211c1790b49719246cfd2a919968a0 117126 python optional 
python3-openssl_0.13-2+deb7u1_amd64.deb
 46fb1d92e91bd8f112ade20e0fc03b17 398044 debug extra 
python3-openssl-dbg_0.13-2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSPV0/AAoJEHidbwV/2GP+aFAQAO72fSkDv2JF/xJ7EzEApHWn
avcDfUdjAz/lDeSXMBqTBSjavxFS9p/qGrqS2gTFylRAckS+rbRUA0HfsU/VAQDy
DrddNwqvtHwUdTzaq6HCcfF6leo/+e6PjNzKfjcbQWD6AiQgfNOhgoBDf1X3CJFG
CCu1BASMk2iHnzraJioksWiajjy2ffcXI0uD6GjERUcQfLzl8Qj8t4UGNqm4flQ7
Hbyvb16n2sw3M6o9WK58UzNaI2wdFGUQGbkgD0qXfnX3Ix6dz2FmmtAzUaEYWm+f
2FKmYBQFPfqEvgAd01uB+NH8HzlRQ6OTz0N9j1aGZh9PNZvp0YLWTOLUIQB2bDv1
bGJQdiJaj3QY/NNB7RLtMUyzQB7UMQUvnDEY+t6ezOMNlFfcVBd2S+JB+ytj1CIc
Sr2Auuja6va4VW4jXpzhZg8S2OiodpmlLXL+EdblxSeJM5DYsbemN68Uo6AbgqZb
CuY8c8VrJCz7HDaK5CX6ak8i3z6lbGc1KAcT9HAYMol2n/QzmokbSHSfy4DkZINs
6zoGoV1hi9w40SU+RnoeKNmB3VIEgNSoOQ9h5uJOzc3yym7V03iQadVj0oqV3iIz
vzyOB4I7WIHJawQtuYcU7rjzSz2vq3rwRSGZ5rqPxnZLX226de6KE4fpeCgKWGFw
jbOB7t9HcafYsLM7ZidR
=pGkf
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

[Python-modules-team] Bug#722055: marked as done (python-openssl: CVE-2013-4314: hostname check bypassing vulnerability)

Reply via email to