[Secure-testing-team] Bug#719567: python3.3: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 13 07:38:20 UTC 2013
Package: python3.3
Version: 3.3.2-5
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for python3.3
CVE-2013-4238[0]:
Python SSL module does not handle certificates that contain hostnames with NULL bytes
See also upstream bugreport [1] which contains patches (also including tests).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4238
[1] http://bugs.python.org/issue18709
Regards,
Salvatore
More information about the Secure-testing-team
mailing list