[Bug 1182124] Re: [CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 22 13:27:40 UTC 2013
Merge in comment #2 looks good. Thanks!
Uploaded to saucy.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bzr in Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
Status in Bazaar Version Control System:
Fix Committed
Status in Python:
Fix Released
Status in “bzr” package in Ubuntu:
Triaged
Status in “bzr” package in Debian:
Fix Released
Bug description:
/bzrlib/transport/http/_urllib2_wrappers.py contains code from Python
3.2's ssl module for which there has been a security issue found.
Python Bug: http://bugs.python.org/issue17980
CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
Probable fix: http://hg.python.org/cpython/rev/fafd33db6ff6/
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: bzr 2.6.0~bzr6571-4ubuntu2
ProcVersionSignature: Ubuntu 3.8.0-21.32-generic 3.8.8
Uname: Linux 3.8.0-21-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
Date: Mon May 20 11:36:23 2013
InstallationDate: Installed on 2013-03-16 (64 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130316)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: bzr
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/bzr/+bug/1182124/+subscriptions
More information about the foundations-bugs
mailing list