Control: retitle -1 tweepy: CVE-2012-5825 Fail to verify hostname against X.509
certificate
I looked into how to get a fix for this issue into Debian stable (Jessie).
It is easier said than done, as the fix implemented upstream was to rewrite
the HTTPS connection code from using httplib to using
Upstream claims to have fixed this in their 3.0.0 release.
https://github.com/tweepy/tweepy/issues/279#issuecomment-65017673
--
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
Faith means not wanting to know what is true. --
tags 692444 + confirmed
thanks
The issue is confirmed by upstream. Please see:
https://github.com/tweepy/tweepy/issues/279#issuecomment-17898339
The current status for this bug is waiting for resolution from upstream.
--
Miguel Landaeta, miguel at miguel.cc
secure email with PGP
Package: tweepy
Severity: important
Tags: security
Justification: user security hole
Please see Section 9 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe.
4 matches
Mail list logo
