[Pkg-bazaar-maint] Bug#708530: python3: CVE-2013-2099: ssl.match_hostname() trips over crafted wildcard

Jakub Wilk jwilk at debian.org
Mon May 20 15:18:43 UTC 2013


Control: clone -1 -2 -3 -4 -5 -6 -7
Control: reassign -2 python2.7 2.7.3-11
Control: retitle -2 python2.7: possible abuse of ssl.match_hostname() for DoS usings certs with many wildcards
Control: reassign -3 linkchecker
Control: retitle -3 linkchecker: possible abuse of match_hostname() for DoS usings certs with many wildcards
Control: reassign -4 python-bzrlib
Control: retitle -4 python-bzrlib: possible abuse of match_hostname() for DoS usings certs with many wildcards
Control: reassign -5 src:python-tornado
Control: retitle -5 python(3)-tornado: possible abuse of match_hostname() for DoS usings certs with many wildcards
Control: reassign -6 src:python-urllib
Control: retitle -6 python(3)-urllib3: possible abuse of match_hostname() for DoS usings certs with many wildcards
Control: reassign -7 w3af-console
Control: retitle -7 w3af-console: possible abuse of match_hostname() for DoS usings certs with many wildcards

* Henri Salo <henri at nerv.fi>, 2013-05-16, 16:03:
>CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
>Upstream: http://bugs.python.org/issue17980

Unfortunately, we have quite a few embedded copies of this code. :(

-- 
Jakub Wilk



More information about the Pkg-bazaar-maint mailing list