oss-sec mailing list archives

Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly

From: Matthias Andree <matthias.andree () gmx de>
Date: Wed, 17 Nov 2010 09:40:03 +0100

Am 16.11.2010 17:02, schrieb Marc Deslauriers:

Thanks for the clarification. Here are some more projects that need CVEs
for this issue:

libcloud:
https://issues.apache.org/jira/browse/LIBCLOUD-55
https://bugs.launchpad.net/ubuntu/+source/libcloud/+bug/675217

Checkbox:
https://bugs.launchpad.net/ubuntu/+source/checkbox/+bug/625076

Bazaar:
https://bugs.edge.launchpad.net/bzr/+bug/651161


In the past, Charles Cazabon's getmail would have had to be added to the
list, but he didn't care and pointed fingers at the Python library
developers, and I'm not sure what the current shape of getmail 4 is, and
don't care sufficiently to look it up.

Getmail used to happily connect to sites that have expired certs, for
instance.

-- 
Matthias Andree

Current thread:

CVE Request -- Mercurial --Doesn't verify subject Common Name properly Jan Lieskovsky (Oct 08)
- <Possible follow-ups>
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Josh Bressers (Oct 11)
  - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers (Nov 14)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Steven M. Christey (Nov 15)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers (Nov 16)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Matthias Andree (Nov 17)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly dave b (Nov 17)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Ben Laurie (Nov 16)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Ludwig Nussel (Nov 17)
    - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly dave b (Nov 17)