[Python-modules-team] Bug#781813: python-restkit: CVE-2015-2674: incorrect SSL/TLS certificate validation
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 3 12:23:54 UTC 2015
Source: python-restkit
Version: 4.2.2-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for python-restkit.
CVE-2015-2674[0]:
Doesn't Validate TLS
python-restkit just used ssl.wrap_socket from the standard library
(which does not do any validation by default). AFAIK there is not
upstream fix for python-restkit yet. Upstream issue is reported at
[1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-2674
[1] https://github.com/benoitc/restkit/issues/140
[2] http://seclists.org/oss-sec/2015/q1/962
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Python-modules-team
mailing list