Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#36758 - [python/python2] CVE-2013-4238 SSL certificate validation flaw
Attached to Project:
Arch Linux
Opened by Steven (Stebalien) - Saturday, 31 August 2013, 19:55 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Friday, 06 September 2013, 08:07 GMT
Opened by Steven (Stebalien) - Saturday, 31 August 2013, 19:55 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Friday, 06 September 2013, 08:07 GMT
|
Details"SSL module fails to handle NULL bytes inside subjectAltNames general names"
CVE: CVE-2013-4238 Upstream Bug: http://bugs.python.org/issue18709 I removed the NEWS sections of the upstream patches as they failed to apply. It should also be noted that the SSL test case fails (for me) with or without the patch. |
python2-pkg-CVE-2013-4238.pat...
This task depends upon
Closed by Bartłomiej Piotrowski (Barthalion)
Friday, 06 September 2013, 08:07 GMT
Reason for closing: Fixed
Additional comments about closing: python 3.3.2-2
python2 2.7.5-2
Friday, 06 September 2013, 08:07 GMT
Reason for closing: Fixed
Additional comments about closing: python 3.3.2-2
python2 2.7.5-2