[Python-modules-team] Bug#722656: python-oauth2: CVE-2013-4346: _check_signature() ignores the nonce value when validating signed urls
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 13 05:00:09 UTC 2013
Package: python-oauth2
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for python-oauth2.
CVE-2013-4346[0]:
_check_signature() ignores the nonce value when validating signed urls
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Fixes upstream are not available so far.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4346
http://security-tracker.debian.org/tracker/CVE-2013-4346
[1] http://www.openwall.com/lists/oss-security/2013/09/12/7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Python-modules-team
mailing list