oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777

From: Tomas Hoger <thoger () redhat com>
Date: Thu, 5 Mar 2015 21:38:36 +0100
On Thu, 05 Mar 2015 17:06:38 +0000 John Haxby wrote:


PEP 476 cites 11 CVEs that resulted from python not properly
validating certificates.   This would be number 12.

Shouldn't python versions prior to 2.7.9 and 3.4.3 have a CVE each for
the lack of verification?


http://seclists.org/oss-sec/2014/q4/1028

-- 
Tomas Hoger / Red Hat Product Security
Previous By Date Next
Previous By Thread Next

Current thread: