Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Nov 2014 12:20:02 -0600
From: Ian Cordasco <graffatcolmingov@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request for requests-kerberos

Hello all,

A fix was merged and released today for the package which performs
kerberos authentication when using python-requests. Prior to this,
every version of the package did not properly handle mutual
authentication which means that the client did not verify that the
user was communicating with a trusted server. The version which
contains the fix is 0.6 and all prior versions are considered
vulnerable.

Please assign a CVE to this issue.

Cheers,
Ian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ