*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
After httplib2 has found a certificate to be invalid it will permit
future requests on the same https connection. Future requests will be
performed without validating the certificate.

The attached program attempts two requests on a single https connection.
One request receives a httplib2.CertificateHostnameMismatch exception,
the other receives an HTTP 200 success code.

An invalid certificate should be treated as a connection error, and
future requests should attempt to establish a new https connection to
the server.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: python-httplib2 0.7.2-1ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-40.64-generic 3.2.40
Uname: Linux 3.2.0-40-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.2
Architecture: i386
Date: Wed May 1 19:48:16 2013
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
MarkForUpload: True
PackageArchitecture: all
SourcePackage: python-httplib2
UpgradeStatus: Upgraded to precise on 2012-05-08 (357 days ago)
** Affects: httplib2
Importance: Unknown
Status: Unknown
** Affects: python-httplib2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: python-httplib2 (Debian)
Importance: Undecided
Status: New
** Tags: apport-bug i386 precise
--
requests permitted after invalid certificate is received
https://bugs.launchpad.net/bugs/1175272
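A simplified model of the behaviour the report describes, added here as an example (not code from the report or from httplib2). It assumes the cause is a socket that stays stored on the connection object after the hostname check fails; `ModelHTTPSConnection`, `connect_buggy`, `connect_fixed` and `two_requests` are hypothetical names, the host names are constructed, and no network I/O takes place.

```python
class CertificateHostnameMismatch(Exception):
    """Stand-in for the exception named in the report."""


class ModelHTTPSConnection:
    """Constructed stand-in for a keep-alive HTTPS connection."""

    def __init__(self, host, cert_names):
        self.host = host
        self.cert_names = cert_names  # names the simulated server cert presents
        self.sock = None              # non-None means "a TLS socket is open"

    def connect_buggy(self):
        # Assumed failure mode: the socket is stored before validation,
        # and stays stored when validation raises.
        self.sock = object()
        if self.host not in self.cert_names:
            raise CertificateHostnameMismatch(self.host)

    def connect_fixed(self):
        # Validate first; only a verified socket is ever stored, so a
        # failed check leaves the connection closed.
        sock = object()
        if self.host not in self.cert_names:
            raise CertificateHostnameMismatch(self.host)
        self.sock = sock

    def request(self, connect):
        # Keep-alive behaviour: reuse an open socket, connect otherwise.
        if self.sock is None:
            connect()
        return 200


def two_requests(fixed, cert_names=("other.test",)):
    """Issue two requests on one connection object and record each outcome."""
    conn = ModelHTTPSConnection("example.test", cert_names)
    connect = conn.connect_fixed if fixed else conn.connect_buggy
    results = []
    for _ in range(2):
        try:
            results.append(conn.request(connect))
        except CertificateHostnameMismatch:
            results.append("CertificateHostnameMismatch")
    return results


if __name__ == "__main__":
    print("buggy:", two_requests(fixed=False))
    print("fixed:", two_requests(fixed=True))
```

With the buggy connect path the second request succeeds on the unvalidated socket, matching the one-exception, one-200 outcome in the report; with the fixed path every request re-runs the check.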