Date: Tue, 4 Nov 2014 12:20:02 -0600 From: Ian Cordasco <graffatcolmingov@...il.com> To: oss-security@...ts.openwall.com Subject: CVE Request for requests-kerberos Hello all, A fix was merged and released today for the package which performs kerberos authentication when using python-requests. Prior to this, every version of the package did not properly handle mutual authentication which means that the client did not verify that the user was communicating with a trusted server. The version which contains the fix is 0.6 and all prior versions are considered vulnerable. Please assign a CVE to this issue. Cheers, Ian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ