18:29 < lool> kees: Hey I'm happy to promote python-oauth unless you'd like to
do a security review; it's relatively small and trivial python lib
but it's parsing data from the net
https://bugs.launchpad.net/bugs/408878
18:42 < james_w> lool, kees: python-oauth implement OAuth 1.0, not 1.0a, so is
vulnerable to what can be a very serious session fixation attack
18:42 < james_w> it's not really a "full of buffer overflows" problem, but
something to consider
18:43 < kees> james_w: sounds like a reason to reject it to me.
18:43 < kees> lool: what needs it?
18:44 < james_w> kees: Ubuntu One, the new python-launchpadlib
18:44 < james_w> (the old one embeds a copy :-/)
That's a really serious issue but I don't know whether Ubuntu One or
launchpadlib are affected
** Changed in: python-oauth (Ubuntu)
Status: In Progress => Incomplete
--
[MIR] python-oauth
https://bugs.launchpad.net/bugs/408878
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
