oss-sec mailing list archives
Re: [PSRT] [oss-security] CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes
From: Christian Heimes <christian () python org>
Date: Fri, 16 Aug 2013 02:42:42 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am 16.08.2013 00:23, schrieb Brian Cameron:
I notice the upstream bug has patches for many versions of Python, but not for Python 2.6. Will a Python 2.6 patch be provided, or is it a reasonable fix to just backport the patched 2.7 files to 2.6 directly?
Hi Brian, I have back ported my patch to 2.6 and uploaded it for you [1]. Enjoy! :) Python 2.6 will get a final security release in October. Barry plans to include the patch, too. Regards, Christian [1] http://bugs.python.org/issue18709 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCgAGBQJSDXV9AAoJEMeIxMHUVQ1Fc3cP/irGYbzpqXISUrQt+OAd1KPB 5M4SNJE2rUebhXiihic+YfjdrtjPkqmwD6dK2dnmMAmcRIyWGbluf434PgGmV1Uk 6fmDU/j/h7zTK21wd6lttmJVdbsS85cxHsTTEi8Vtm6dBsblpdKCxaNMQx3f4o0/ wmBdvEcoH7BSpz9GC7gSg6iOWUfuQAyLXTBHtEHM49gG9CGfqlZrRFe/iOjpRCXa gzQRiskyqIq8lv7foDHVaX4XO9n3HLmlbeQnVbeLjAWslpZSU9bl+bxIwaqq7Oi1 fG/B18/x7o+x11LkaZ2Su6P0zGyh3Drm0dxX3MwC9Q2SEOlQtV1PxJigj1KKoHzR XogVUcIpzsC6wa7EJxQbd63ggyOOaQx20ozDYISLdcjD0GvTZgnmkm/UyVgSoLJi PTL07FOXXu1o2aDHRIYoBKkEgxWAuiPYM6ancav/jOLlpvoVEiUN++5ouosoAKBe i5JAfwlku+txNxaFvJerlhKN0Vfs3K+t5PRqeAq+sMQc/9T3QbAVnjOe8fgHkkX1 5WP1LPN8Om43zVuClyv6jULwBP1ozYR0Cbmmf4ioJUOs8pxOgIggncUd1wVm84Xu rx6xhcbIHqwmxrZLoepCdcOupqgfjeuexWOg0uENjuiOPVzoUUA/u6kL9pEYqisM tYE4oKNRBZpmWcS8Y/yK =YvTP -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Murray McAllister (Aug 12)
- Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Kurt Seifried (Aug 12)
- Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Brian Cameron (Aug 15)
- Re: [PSRT] [oss-security] CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Christian Heimes (Aug 15)
- Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Brian Cameron (Aug 15)
- Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Kurt Seifried (Aug 12)