Bug#722055: python-openssl: CVE-2013-4314: hostname check bypassing vulnerability

2013-09-12 Thread Salvatore Bonaccorso
Hello Sandro

Are you working on the updates for this issue? The Security Team also
has pyopenssl on the "needs DSA" list: Could you also prepare packages
targeting squeeze-security and wheezy-security?

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



2013-09-07 Thread Salvatore Bonaccorso

Hi

The reference to upstream diff:

 http://bazaar.launchpad.net/~exarkun/pyopenssl/trunk/revision/169

Regards,
Salvatore





2013-09-06 Thread Henri Salo
Package: python-openssl
Version: 0.13-2+b2
Severity: important
Tags: security, fixed-upstream

https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html

In all prior releases, the string formatting of subjectAltName
X509Extension instances incorrectly truncated fields of the name when
encountering NUL.  String formatting of this extension will now include
the NUL byte (escaped) and any following bytes.

Additionally, a bug causing memory to be leaked for each call to
X509.get_extension has been fixed.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1005325

Please adjust affected version numbers accordingly.

---
Henri Salo


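The truncation described in the report above, as an added example that is not part of the thread and is not pyOpenSSL code. It shows why a subjectAltName formatter that stops at NUL defeats a hostname comparison, next to a check that works on the raw bytes. The function names, the sample dNSName bytes and the "\x00" escape style are assumptions made for illustration, and matching is exact only (no wildcard handling).

```python
import string

# Constructed sample: raw dNSName bytes with an embedded NUL.
SAMPLE = b"www.example.com\x00.untrusted.test"

# Bytes permitted in a hostname for this check (letters, digits, '-', '.').
ALLOWED = frozenset((string.ascii_letters + string.digits + "-.").encode("ascii"))


def format_truncating(raw):
    """Format like a C-string consumer: everything after the first NUL is lost."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def format_escaped(raw):
    """Format every byte, escaping non-printable ones (escape style is an assumption)."""
    return "".join(
        chr(b) if 0x20 < b < 0x7F and b != 0x5C else "\\x%02x" % b for b in raw
    )


def naive_matches(expected, raw_names):
    """Weak check: compares against the truncated string form."""
    return any(format_truncating(n).lower() == expected.lower() for n in raw_names)


def hostname_matches(expected, raw_names):
    """Hardened check: a name containing NUL or other unexpected bytes never matches."""
    for raw in raw_names:
        if not raw or any(b not in ALLOWED for b in raw):
            continue
        if raw.decode("ascii").lower() == expected.lower():
            return True
    return False


if __name__ == "__main__":
    print("truncated:", format_truncating(SAMPLE))
    print("escaped:  ", format_escaped(SAMPLE))
    print("naive check accepts:   ", naive_matches("www.example.com", [SAMPLE]))
    print("hardened check accepts:", hostname_matches("www.example.com", [SAMPLE]))
```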