oss-sec mailing list archives
CVE request: pyOpenSSL hostname check bypassing vulnerability
From: Vincent Danen <vdanen () redhat com>
Date: Fri, 6 Sep 2013 10:28:23 -0600
pyOpenSSL suffers from the same NULL-byte truncation issue that ruby, python, php, etc. suffered from (like ruby CVE-2013-4073). 0.13.1 was recently released to correct this. Could a CVE be assigned? References: https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html https://bugzilla.redhat.com/show_bug.cgi?id=1005325 --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: pyOpenSSL hostname check bypassing vulnerability Vincent Danen (Sep 06)
- Re: CVE request: pyOpenSSL hostname check bypassing vulnerability Kurt Seifried (Sep 06)