oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PSRT] [oss-security] CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes

From: Christian Heimes <christian () python org>
Date: Fri, 16 Aug 2013 02:42:42 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am 16.08.2013 00:23, schrieb Brian Cameron:


I notice the upstream bug has patches for many versions of Python,
but not for Python 2.6.  Will a Python 2.6 patch be provided, or is
it a reasonable fix to just backport the patched 2.7 files to 2.6
directly?


Hi Brian,

I have back ported my patch to 2.6 and uploaded it for you [1]. Enjoy! :)

Python 2.6 will get a final security release in October. Barry plans
to include the patch, too.

Regards,
Christian

[1] http://bugs.python.org/issue18709
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJSDXV9AAoJEMeIxMHUVQ1Fc3cP/irGYbzpqXISUrQt+OAd1KPB
5M4SNJE2rUebhXiihic+YfjdrtjPkqmwD6dK2dnmMAmcRIyWGbluf434PgGmV1Uk
6fmDU/j/h7zTK21wd6lttmJVdbsS85cxHsTTEi8Vtm6dBsblpdKCxaNMQx3f4o0/
wmBdvEcoH7BSpz9GC7gSg6iOWUfuQAyLXTBHtEHM49gG9CGfqlZrRFe/iOjpRCXa
gzQRiskyqIq8lv7foDHVaX4XO9n3HLmlbeQnVbeLjAWslpZSU9bl+bxIwaqq7Oi1
fG/B18/x7o+x11LkaZ2Su6P0zGyh3Drm0dxX3MwC9Q2SEOlQtV1PxJigj1KKoHzR
XogVUcIpzsC6wa7EJxQbd63ggyOOaQx20ozDYISLdcjD0GvTZgnmkm/UyVgSoLJi
PTL07FOXXu1o2aDHRIYoBKkEgxWAuiPYM6ancav/jOLlpvoVEiUN++5ouosoAKBe
i5JAfwlku+txNxaFvJerlhKN0Vfs3K+t5PRqeAq+sMQc/9T3QbAVnjOe8fgHkkX1
5WP1LPN8Om43zVuClyv6jULwBP1ozYR0Cbmmf4ioJUOs8pxOgIggncUd1wVm84Xu
rx6xhcbIHqwmxrZLoepCdcOupqgfjeuexWOg0uENjuiOPVzoUUA/u6kL9pEYqisM
tYE4oKNRBZpmWcS8Y/yK
=YvTP
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: