** Changed in: bzr
Milestone: 2.6b3 = 2.6.0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
To manage
** Changed in: bzr
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
** Branch linked: lp:~debian-bazaar/bzr/2.6
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
To manage
Note: there's now a backports module on pypi for this function:
https://pypi.python.org/pypi/backports.ssl_match_hostname/
However, it hasn't fixed this CVE upstream as fast as you have :-)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Merge in comment #2 looks good. Thanks!
Uploaded to saucy.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
To
This bug was fixed in the package bzr - 2.6.0~bzr6574-1ubuntu1
---
bzr (2.6.0~bzr6574-1ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Drop build dependencies on python-{meliae,lzma,medusa},
which are not in main.
* Drop changes to
** Changed in: bzr (Debian)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard
** Changed in: bzr
Status: Triaged = In Progress
** Changed in: bzr
Assignee: (unassigned) = Andrew Starr-Bochicchio (andrewsomething)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: bzr (Debian)
Status: Unknown = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
** Changed in: python
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
To
** Branch linked: lp:~andrewsomething/bzr/CVE-2013-2099
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
To
** Changed in: bzr (Ubuntu)
Status: Triaged = In Progress
** Changed in: bzr (Ubuntu)
Assignee: (unassigned) = Andrew Starr-Bochicchio (andrewsomething)
** Changed in: bzr
Status: In Progress = Fix Committed
** Changed in: bzr
Milestone: None = 2.6b3
--
You received
Fixed both upstream and Debian. Attached debdiff merges the fix from
Debian.
(I've dropped the Ubuntu change to Vcs fields as the UDD bzr imports for
both Debian and Ubuntu are out of date. So that branch isn't very
helpful. Yes, I realize that is a bit ironic...)
Changes since last Ubuntu
** Patch added: old.ubuntunew.ubuntu.debdiff
https://bugs.launchpad.net/ubuntu/+source/bzr/+bug/1182124/+attachment/3682449/+files/old.ubuntu%3Enew.ubuntu.debdiff
** Changed in: bzr (Ubuntu)
Status: In Progress = Triaged
--
You received this bug notification because you are a member
14 matches
Mail list logo
