[Secure-testing-team] Bug#719566: python2.7: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 13 07:36:37 UTC 2013
Package: python2.7
Version: 2.7.5-7
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for python2.7
CVE-2013-4238[0]:
Python SSL module does not handle certificates that contain hostnames with NULL bytes
See also upstream bugreport [1] which contains patches (also including tests).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4238
[1] http://bugs.python.org/issue18709
Regards,
Salvatore
More information about the Secure-testing-team
mailing list