oss-sec mailing list archives

CVE Request: httplib2 ssl cert incorrect error handling

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Wed, 01 May 2013 16:15:19 -0700

Hello,

httplib2 only validates SSL certificates on the first request to a
connection, and doesn't report validation failures on subsequent requests.

Bugs:

http://code.google.com/p/httplib2/issues/detail?id=282
https://bugs.launchpad.net/httplib2/+bug/1175272

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Current thread:

CVE Request: httplib2 ssl cert incorrect error handling Marc Deslauriers (May 01)
- Re: CVE Request: httplib2 ssl cert incorrect error handling Kurt Seifried (May 01)