Fixed both upstream and Debian. Attached debdiff merges the fix from
Debian.

(I've dropped the Ubuntu change to Vcs fields as the UDD bzr imports for
both Debian and Ubuntu are out of date. So that branch isn't very
helpful. Yes, I realize that is a bit ironic...)

Changes since last Ubuntu version:

 bzr (2.6.0~bzr6574-1ubuntu1) saucy; urgency=low
 .
   * Merge from Debian unstable. Remaining Ubuntu changes:
    - Drop build dependencies on python-{meliae,lzma,medusa},
      which are not in main.
   * Drop changes to Vcs fields. The UDD imports are out of date.
 .
 bzr (2.6.0~bzr6574-1) unstable; urgency=low
 .
   * New upstream snapshot.
    - Fix CVE 2013-2009. Avoid allowing multiple wildcards in a single
      SSL cert hostname segment (Closes: #709068, LP: #1182124).
 .
 bzr (2.6.0~bzr6573-1) unstable; urgency=low
 .
   * Upload to unstable.
   * New upstream snapshot.
   * Remove the test_tuned_gzip.TestToGzip.test_enormous_chunks test
     (LP: #1116079, #1160572).
   * Drop debian/patches/04_revert_ui_changes, fixed upstream.
   * Drop deprecated Dm-Upload-Allowed field.
   * Bump Standards-Version to 3.9.4, no changes needed.
   * Drop un-needed Build-Conflicts on python-gpgme.

** Patch added: "debian>ubuntu.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/bzr/+bug/1182124/+attachment/3682448/+files/debian%3Eubuntu.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124

Title:
  [CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names

To manage notifications about this bug go to:
https://bugs.launchpad.net/bzr/+bug/1182124/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
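
The check named in the changelog above (no multiple wildcards in a single certificate hostname segment), as an added example that is not part of the original message and is not bzr's or Python's own code. The names CertNameError, dnsname_matches and MAX_WILDCARDS and the sample hostnames are hypothetical; it assumes ASCII names and honours a wildcard only in the left-most label.

```python
# Added example (hypothetical names): certificate dNSName matching that
# refuses a name with more than one '*' in any segment before matching it.

MAX_WILDCARDS = 1  # assumption: one wildcard per hostname segment at most


class CertNameError(ValueError):
    """The certificate name is malformed and must not be matched at all."""


def dnsname_matches(pattern, hostname):
    """Return True if hostname matches the certificate name pattern.

    Raises CertNameError when a segment carries too many wildcards, so the
    decision is made by counting characters, never by expanding the name.
    """
    if not pattern or not hostname:
        return False
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # Reject first: this is the guard the changelog entry describes.
    for label in p_labels:
        if label.count("*") > MAX_WILDCARDS:
            raise CertNameError("too many wildcards in %r" % pattern)

    # A wildcard outside the left-most label is never honoured.
    if any("*" in label for label in p_labels[1:]):
        return False
    # A wildcard covers one label only, so label counts must agree and
    # every label after the first must match exactly.
    if len(p_labels) != len(h_labels) or p_labels[1:] != h_labels[1:]:
        return False

    left, host_left = p_labels[0], h_labels[0]
    if not host_left:
        return False
    if "*" not in left:
        return left == host_left

    # Exactly one '*' remains: compare the fixed prefix and suffix with
    # plain string operations, which run in linear time.
    prefix, _, suffix = left.partition("*")
    return (len(host_left) >= len(prefix) + len(suffix)
            and host_left.startswith(prefix)
            and host_left.endswith(suffix))
```
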
