oss-sec mailing list archives
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 17 Nov 2010 09:28:41 +0100
Ben Laurie wrote:
> On 15 November 2010 21:58, Steven M. Christey <coley () linus mitre org> wrote:
>> Ouch, this is painful for a number of reasons. Maybe Python "should" get the CVE, but the decision to push the issue to application developers means that those developers will each have to provide fixes, and software consumers will have to track these related vulns at the application level.
>
> It would certainly be safer if Python did the test by default and applications had to explicitly turn it off...

Python doesn't verify certificates by default either IIRC. I guess python simply follows openssl (mis)behavior here. Well, lame excuse anyways.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
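
As an added illustration (not code from this thread, from Mercurial, or from Python itself), this is the kind of subject-name check the thread says was left to application developers: matching the requested host against a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names and the sample certificates are assumptions constructed for the example.

```python
# Added example: the hostname check an application has to perform itself when
# the TLS layer does not compare the certificate's names with the host.
# Certificate dicts follow the shape returned by ssl.SSLSocket.getpeercert().

def _name_match(pattern, host):
    """Match one DNS name; '*' is accepted only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels


def cert_matches_host(cert, host):
    """Return True only if the certificate names `host`.

    subjectAltName DNS entries take precedence; the subject commonName is
    consulted only when the certificate carries no DNS SAN at all.
    """
    if not cert:
        return False  # getpeercert() is empty when the peer cert was not validated
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_sans:
        return any(_name_match(name, host) for name in dns_sans)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _name_match(value, host):
                return True
    return False


# Constructed sample certificates (not taken from the thread).
GOOD = {"subject": ((("commonName", "hg.example.org"),),)}
WILD = {"subject": ((("commonName", "legacy.example.net"),),),
        "subjectAltName": (("DNS", "*.example.org"),)}
OTHER = {"subject": ((("commonName", "other.example.net"),),)}
```

The check is only meaningful on a connection whose certificate chain was validated; with verification off, `getpeercert()` returns an empty dict and the function refuses the host.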