oss-sec mailing list archives

CVE request: pyOpenSSL hostname check bypassing vulnerability


From: Vincent Danen <vdanen () redhat com>
Date: Fri, 6 Sep 2013 10:28:23 -0600

pyOpenSSL suffers from the same NULL-byte truncation issue that ruby,
python, php, etc. suffered from (like ruby CVE-2013-4073).

0.13.1 was recently released to correct this.  Could a CVE be assigned?

References:

https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
https://bugzilla.redhat.com/show_bug.cgi?id=1005325

--
Vincent Danen / Red Hat Security Response Team
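
The NUL-byte truncation class named in the message above, as an added illustration that is not part of the original post and is not pyOpenSSL code: a comparison that reads a certificate name as a NUL-terminated string next to one that uses the full length-prefixed value. All function names and sample names are assumptions constructed for this example.

```python
import re

# Letters, digits, hyphen and dot only, with an optional leading "*." label.
_DNS_NAME = re.compile(rb"\A(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\Z")


def c_string_view(raw: bytes) -> bytes:
    """Model a NUL-terminated read of a length-prefixed certificate name."""
    return raw.split(b"\x00", 1)[0]


def _match(name: bytes, host: str) -> bool:
    """Case-insensitive match; "*." covers exactly one left-most label."""
    want, name = host.encode("ascii").lower(), name.lower()
    if name.startswith(b"*."):
        _, dot, rest = want.partition(b".")
        return bool(dot) and rest == name[2:]
    return name == want


def truncating_match(cert_name: bytes, host: str) -> bool:
    """Flawed check: only the bytes before the first NUL are compared."""
    return _match(c_string_view(cert_name), host)


def length_aware_match(cert_name: bytes, host: str) -> bool:
    """Use the whole value and refuse anything that is not a plain DNS name."""
    if not _DNS_NAME.match(cert_name):
        return False  # embedded NUL, control bytes, spaces, empty labels
    return _match(cert_name, host)


def audit(cert_names, host):
    """Return the names on which the two checks disagree."""
    return [n for n in cert_names
            if truncating_match(n, host) != length_aware_match(n, host)]


# Constructed sample values, not taken from any real certificate.
SAMPLE_NAMES = [
    b"www.example.com",
    b"www.example.com\x00.other.invalid",
    b"*.example.com",
]

if __name__ == "__main__":
    for name in audit(SAMPLE_NAMES, "www.example.com"):
        print("truncation-sensitive name:", repr(name))
```
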
