Your message dated Tue, 24 Sep 2013 21:47:51 +0000
with message-id <[email protected]>
and subject line Bug#722055: fixed in pyopenssl 0.10-1+squeeze1
has caused the Debian Bug report #722055,
regarding python-openssl: CVE-2013-4314: hostname check bypassing vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
722055: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-openssl
Version: 0.13-2+b2
Severity: important
Tags: security, fixed-upstream
https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
In all prior releases, the string formatting of subjectAltName
X509Extension instances incorrectly truncated fields of the name when
encountering NUL. String formatting of this extension will now include
the NUL byte (escaped) and any following bytes.
Additionally, a bug causing memory to be leaked for each call to
X509.get_extension has been fixed.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1005325
Please adjust affected version numbers accordingly.
---
Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: pyopenssl
Source-Version: 0.10-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
pyopenssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated pyopenssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 21 Sep 2013 17:58:58 +0200
Source: pyopenssl
Binary: python-openssl python-openssl-doc python-openssl-dbg
Architecture: source all amd64
Version: 0.10-1+squeeze1
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
python-openssl - Python wrapper around the OpenSSL library
python-openssl-dbg - Python wrapper around the OpenSSL library (debug
extension)
python-openssl-doc - Python wrapper around the OpenSSL library (documentation
package)
Closes: 722055
Changes:
pyopenssl (0.10-1+squeeze1) squeeze-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add 30_CVE-2013-4314.dpatch.
CVE-2013-4314: Fix hostname check bypassing vulnerability with server
certificates that have a null byte in the subjectAltName. (Closes: #722055)
Checksums-Sha1:
f956768a77337868f23c51df0f7eb77d09b7b0b0 2160 pyopenssl_0.10-1+squeeze1.dsc
11c956d317ab2b1628937a2681acc31f4b890fe8 222169 pyopenssl_0.10.orig.tar.gz
6812b4f9f7b21ff41505242d955bba358fe574cf 10395
pyopenssl_0.10-1+squeeze1.diff.gz
8bd204eeb99d09247f3a35d166a86c9fdae08178 131916
python-openssl-doc_0.10-1+squeeze1_all.deb
091a3e8790743696441b51f86c5f766583310f9d 136714
python-openssl_0.10-1+squeeze1_amd64.deb
f3f2b15e2846cf3ab6e448e9a4e13af09b95e886 592476
python-openssl-dbg_0.10-1+squeeze1_amd64.deb
Checksums-Sha256:
e633a72dd0e101bf704f4a869847005e2d6498e7fe35268a7584b87b0d9aae29 2160
pyopenssl_0.10-1+squeeze1.dsc
4514f8960389042ca2587f9cb801a13f7990387753fc678680b0c084719b5b60 222169
pyopenssl_0.10.orig.tar.gz
1c4a090599d04ec030a5d32445c66699d6ed3f774135b27b5fea9a5cf8457a8d 10395
pyopenssl_0.10-1+squeeze1.diff.gz
7ca62127b1de71605c25cb6c9ffe839e33aae31bd383e3b7cc713ae3bbc5cc87 131916
python-openssl-doc_0.10-1+squeeze1_all.deb
c809e04d4ac5255007455e4f8a88fe97c74084e81aef3cc3b717087ff565938c 136714
python-openssl_0.10-1+squeeze1_amd64.deb
a65b94813f4fe644ff50cb3efcfa3cec4cdbc7b532f3b40d1a8771f65c72a487 592476
python-openssl-dbg_0.10-1+squeeze1_amd64.deb
Files:
9e8bebe5c8b94de38b518388ab03829c 2160 python optional
pyopenssl_0.10-1+squeeze1.dsc
34db8056ec53ce80c7f5fc58bee9f093 222169 python optional
pyopenssl_0.10.orig.tar.gz
224a97b2a41eb6ceed6bd4a8ec6a343c 10395 python optional
pyopenssl_0.10-1+squeeze1.diff.gz
cc4f2016b6c12e60d29ef3b889fa038b 131916 doc optional
python-openssl-doc_0.10-1+squeeze1_all.deb
e87516d3538914c74b225a07a4cf6fc3 136714 python optional
python-openssl_0.10-1+squeeze1_amd64.deb
0f0e24e68a9782de9468d14278be7d7a 592476 debug extra
python-openssl-dbg_0.10-1+squeeze1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJSQFMlAAoJEHidbwV/2GP+IPAQAIrLWX47klQjfZIf9G/5q3IQ
kOVBnNCxR8y9a2CWIZwiyEG/T991j1/jAWRLyHrl33s64y5XPfNFyxRxx/Ansc8e
mZ5qECXpR//Oyt7SuAO2Z7BxGRzyb6JZwVd9bjgwaZHydFbrTOIDlum7v6R0KxmW
S0Mq5D6suo4hpKqpwRaapDwmkYAqBbQ6+fuV6AvyXX8lyE5oClR5JlPnFzQjsQuy
2Og1UneuAmTjh/PsaAB6HO3pphKInLXG6sfy2O6aoFCZus6+w6uVzO5tx61BXXVD
NIYUCFcp64z48GVI+EtWEVnBvS7VpHs+G0e001B4E11xDuE8bBdSuw7vhu8d+Ikn
EwaFfB+6C6WKMdKT59P7yNkQQSMv27U4Cj3Inho1DJKbJwmszGTKiqQbez3olveG
LMVqutD3LTLfPRDe+HN98UoZQ1nzE7ph5EYFQJYDm+pykj1dqO5O3NDSNnAg8MXI
V+zgSojJGjtEKOxy9txjYKrf++TadCfhzyQQ9mrzj5T/mVTthTofQ/JUdp1qLznL
HvxJr4tDjsmfm74HvUfhK8AtwJHYhogmkk6HbwTCuBhSvdLP2j3SkLaumFolr/s9
MaFcdPUPLGqKxb+KvHnhtF/YiXmpBeBt4FtcWP6xrL31irTsHL96FVGSjTNylARF
mMn9SZ9Re11pjPlaOwAY
=p9N4
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
