[Python-modules-team] Bug#781813: python-restkit: CVE-2015-2674: incorrect SSL/TLS certificate validation
Moritz Mühlenhoff
jmm at inutil.org
Mon Oct 2 14:02:52 UTC 2017
severity 781813 grave
thanks
On Fri, Apr 03, 2015 at 02:23:54PM +0200, Salvatore Bonaccorso wrote:
> Source: python-restkit
> Version: 4.2.2-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for python-restkit.
>
> CVE-2015-2674[0]:
> Doesn't Validate TLS
>
> python-restkit just used ssl.wrap_socket from the standard library
> (which does not do any validation by default). AFAIK there is not
> upstream fix for python-restkit yet. Upstream issue is reported at
> [1].
Bumping severity, this should at least be documented in the package.
Cheers,
Moritz
More information about the Python-modules-team
mailing list