oss-sec mailing list archives
Re: CVE Request: httplib2 ssl cert incorrect error handling
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 01 May 2013 23:24:21 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/01/2013 05:15 PM, Marc Deslauriers wrote:
Hello, httplib2 only validates SSL certificates on the first request to a connection, and doesn't report validation failures on subsequent requests. Bugs: http://code.google.com/p/httplib2/issues/detail?id=282 https://bugs.launchpad.net/httplib2/+bug/1175272 Could a CVE please be assigned to this issue? Thanks, Marc.
Please use CVE-2013-2037 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRgfiFAAoJEBYNRVNeJnmTg+UQAL5ueIwrbq6ns/GXuiJgvxYN YjI/jX1scN6SEKWUzLdJx6Mewmj4sbHZ2hR2wtcICcc7OuyeZqtqTC3eEPPF04a9 3Y5eX5hzFbRBY6TXGgbxX4ZpzSbhri1Ro1NiGnR4xVbdyvtSr+Y8uBZBol2A7E+q aEmq+iNO2yzlzoK8xOzi0mIGNVo50mMnEdFOt8xVKOQLwL+oY8IXul30VMm79CHK 0VCIXY9W9CAdBxXo5UYm8Wb9l9w6l5A0e3G/czxxGnuXcKB1HQPUUyVAFlqEaSoD sAvXJ3POKzC9g/2LdNFfcSl7GBVsfWK1/RQyeUgUYullePKy2GVjgvKyN1DESscj VP1unLjS4gNyDaCXWTLbSgcFA5Rv0wL4H3aZ+qzDVgZd2l9a8DsR0Y/Lj93ldpAA bn6OVRaj41spYiLgS0ncAcORh6eDTIHjefvzOGuU22+NS7S+WfG81KYROgligUjg jkrkyjups6Hq9QrroH5L/1QzjICxBKjaE63bI0zxH4xBTUpktEzpeeIcbLE+WZKn 9WPTG2W3Wpq82GLtoPDGLScM5vIEKnuRxTZJdEMrpAAALQenWeDdRzgeQgPLI7wD mCNibsd7iEk39GCkMc2wAa6P2AF81oZ2tmpJEbC9SWW7h8hzwDFvpudi18IYNIdg G8IvkreCuaSIiwqm9kQG =cTrc -----END PGP SIGNATURE-----
Current thread:
- CVE Request: httplib2 ssl cert incorrect error handling Marc Deslauriers (May 01)
- Re: CVE Request: httplib2 ssl cert incorrect error handling Kurt Seifried (May 01)