[Bug 1469653] Re: CVE-2014-0224 not fixed for python-openssl based servers
Launchpad Bug Tracker
1469653 at bugs.launchpad.net
Sun Sep 6 04:17:23 UTC 2015
[Expired for pyopenssl (Ubuntu) because there has been no activity for
60 days.]
** Changed in: pyopenssl (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pyopenssl in Ubuntu.
https://bugs.launchpad.net/bugs/1469653
Title:
CVE-2014-0224 not fixed for python-openssl based servers
Status in pyopenssl package in Ubuntu:
Expired
Bug description:
When creating a minimal https based server in python using 'from
OpenSSL import SSL' on a fully patched Ubuntu 14.04 system, the
OpenSSL bug as reported in CVE-2014-0224 seems to persist for that
server. A C++ implementation with the same functionality on the same
system does not show such issues so it would appear that its specific
to python-openssl .
The existence of this bug can be validated by running a simple python
based https server that uses the Python OpenSSL module on a public IP
adress and using the web form as provided on
https://www.ssllabs.com/ssltest/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions
More information about the foundations-bugs
mailing list