eoan has reached end of life, so this bug will not be fixed for that
release
** Changed in: python2.7 (Ubuntu Eoan)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/18
This bug was fixed in the package python2.7 - 2.7.12-1ubuntu0~16.04.8
---
python2.7 (2.7.12-1ubuntu0~16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain v
This bug was fixed in the package python2.7 - 2.7.15-4ubuntu4~18.04.1
---
python2.7 (2.7.15-4ubuntu4~18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain v
This bug was fixed in the package python2.7 - 2.7.16-2ubuntu0.1
---
python2.7 (2.7.16-2ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain validation in
This bug was fixed in the package python3.5 - 3.5.2-2ubuntu0~16.04.8
---
python3.5 (3.5.2-2ubuntu0~16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain val
The 2.7 and 3.5 python packages in the security proposed PPA have been
successfully tested in a fips and non-fips xenial environment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIP
** Also affects: python2.7 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Also affects: python2.7 (Ubuntu
Upon looking at the source for both python2.7 and python3.5 in xenial,
neither checks the return value from EVP_DigestInit in
Modules/_hashopenssl.c file.
However, python3.6 (in bionic, cosmic and disco) does have the check.
So the check will need to be backported to python 2.7 and python 3.5 in
Like python3, python2 should check the return value of EVP_DigestInit.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIPS OpenSSL crashes Python2 hashlib
To manage notifications abou
The assessment is accurate.
FIPS 140-2 does not allow MD5 except for use in PRF.
Thus the OpenSSL_add_all_digests in fips openssl does not include MD5.
However, SSL_library_init() does include MD5 but only for use in calculating
the PRF. Notice in tls1_P_hash() in ssl/t1_enc.c
the flag, EVP_MD
Investigating
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835135
Title:
FIPS OpenSSL crashes Python2 hashlib
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+sour
Thanks for bringing this up. The FIPS team is aware of it and will
address this.
** Changed in: python2.7 (Ubuntu)
Status: New => Triaged
** Changed in: python2.7 (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
12 matches
Mail list logo