eoan has reached end of life, so this bug will not be fixed for that
release
** Changed in: python2.7 (Ubuntu Eoan)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
This bug was fixed in the package python2.7 - 2.7.12-1ubuntu0~16.04.8
---
python2.7 (2.7.12-1ubuntu0~16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain
This bug was fixed in the package python3.5 - 3.5.2-2ubuntu0~16.04.8
---
python3.5 (3.5.2-2ubuntu0~16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain
This bug was fixed in the package python2.7 - 2.7.16-2ubuntu0.1
---
python2.7 (2.7.16-2ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain validation in
This bug was fixed in the package python2.7 - 2.7.15-4ubuntu4~18.04.1
---
python2.7 (2.7.15-4ubuntu4~18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain
The 2.7 and 3.5 python packages in the security proposed PPA have been
successfully tested in a fips and non-fips xenial environment.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
** Also affects: python2.7 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu
Upon looking at the source for both python2.7 and python3.5 in xenial,
neither checks the return value from EVP_DigestInit in
Modules/_hashopenssl.c file.
However, python3.6 (in bionic, cosmic and disco) does have the check.
So the check will need to be backported to python 2.7 and python 3.5 in
Like python3, python2 should check the return value of EVP_DigestInit.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIPS OpenSSL crashes Python2
The assessment is accurate.
FIPS 140-2 does not allow MD5 except for use in PRF.
Thus the OpenSSL_add_all_digests in fips openssl does not include MD5.
However, SSL_library_init() does include MD5 but only for use in calculating
the PRF. Notice in tls1_P_hash() in ssl/t1_enc.c
the flag,
Investigating
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIPS OpenSSL crashes Python2 hashlib
Status in python2.7 package in Ubuntu:
Triaged
Bug
Thanks for bringing this up. The FIPS team is aware of it and will
address this.
** Changed in: python2.7 (Ubuntu)
Status: New => Triaged
** Changed in: python2.7 (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Touch
12 matches
Mail list logo
