Date: Tue, 13 Aug 2013 12:37:40 +1000 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com CC: security@...hon.org, security@...y-lang.org, cve-assign@...re.org Subject: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Good morning, An issue similar to CVE-2013-4073 was found in Python: https://bugs.mageia.org/show_bug.cgi?id=10989 http://bugs.python.org/issue18709 Could a CVE for the Python instance of this flaw please be assigned (if one has not already been assigned)? Thanks.  <http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/> <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4073> -- Murray McAllister / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.