Author: hertzog
Date: 2014-12-18 14:16:35 +0000 (Thu, 18 Dec 2014)
New Revision: 30821
Modified:
data/CVE/list
Log:
Mark CVE-2014-9365 as no-dsa for all python versions in Squeeze
The lack of cert validation is a widely known and documented mis-feature
of Python's stdlib, no Python programs in Squeeze should rely on it.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-18 14:16:26 UTC (rev 30820)
+++ data/CVE/list 2014-12-18 14:16:35 UTC (rev 30821)
@@ -1018,11 +1018,14 @@
NOTE:
http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
CVE-2014-9365 [certificate verification by default for stdlib http clients]
- python2.5 <removed>
+ [squeeze] - python2.5 <no-dsa> (Too intrusive to backport)
- python2.6 <removed>
[wheezy] - python2.6 <no-dsa> (Too intrusive to backport)
+ [squeeze] - python2.6 <no-dsa> (Too intrusive to backport)
- python2.7 2.7.9-1
[wheezy] - python2.7 <no-dsa> (Too intrusive to backport)
- python3.1 <removed>
+ [squeeze] - python3.1 <no-dsa> (Too intrusive to backport)
- python3.2 <removed>
[wheezy] - python3.2 <no-dsa> (Too intrusive to backport)
- python3.3 <removed>
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
