oss-sec mailing list archives
CVE Request for requests-kerberos
From: Ian Cordasco <graffatcolmingov () gmail com>
Date: Tue, 4 Nov 2014 12:20:02 -0600
Hello all, A fix was merged and released today for the package which performs kerberos authentication when using python-requests. Prior to this, every version of the package did not properly handle mutual authentication which means that the client did not verify that the user was communicating with a trusted server. The version which contains the fix is 0.6 and all prior versions are considered vulnerable. Please assign a CVE to this issue. Cheers, Ian
Current thread:
- CVE Request for requests-kerberos Ian Cordasco (Nov 04)
- Re: CVE Request for requests-kerberos Kurt Seifried (Nov 04)
- Re: CVE Request for requests-kerberos Ian Cordasco (Nov 04)
- Re: CVE Request for requests-kerberos cve-assign (Nov 06)
- Re: CVE Request for requests-kerberos Kurt Seifried (Nov 04)