[Bug 1182124] [NEW] [CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names

Andrew Starr-Bochicchio a.starr.b at gmail.com
Mon May 20 15:41:50 UTC 2013


Public bug reported:

/bzrlib/transport/http/_urllib2_wrappers.py contains code from Python
3.2's ssl module for which there has been a security issue found.

Python Bug: http://bugs.python.org/issue17980
CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
Probable fix: http://hg.python.org/cpython/rev/fafd33db6ff6/

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: bzr 2.6.0~bzr6571-4ubuntu2
ProcVersionSignature: Ubuntu 3.8.0-21.32-generic 3.8.8
Uname: Linux 3.8.0-21-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
Date: Mon May 20 11:36:23 2013
InstallationDate: Installed on 2013-03-16 (64 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130316)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: bzr
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: bzr
     Importance: Medium
         Status: Triaged

** Affects: python
     Importance: Unknown
         Status: Unknown

** Affects: bzr (Ubuntu)
     Importance: Medium
         Status: Triaged

** Affects: bzr (Debian)
     Importance: Unknown
         Status: Unknown


** Tags: amd64 apport-bug raring

** Changed in: bzr (Ubuntu)
       Status: New => Triaged

** Changed in: bzr (Ubuntu)
   Importance: Undecided => Medium

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2099

** Also affects: bzr
   Importance: Undecided
       Status: New

** Bug watch added: Debian Bug tracker #709068
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068

** Also affects: bzr (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
   Importance: Unknown
       Status: Unknown

** Bug watch added: Python Roundup #17980
   http://bugs.python.org/issue17980

** Also affects: python via
   http://bugs.python.org/issue17980
   Importance: Unknown
       Status: Unknown

** Changed in: bzr
       Status: New => Triaged

** Changed in: bzr
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bzr in Ubuntu.
https://bugs.launchpad.net/bugs/1182124

Title:
  [CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names

Status in Bazaar Version Control System:
  Triaged
Status in Python:
  Unknown
Status in “bzr” package in Ubuntu:
  Triaged
Status in “bzr” package in Debian:
  Unknown
