[Bug 1182124] [NEW] [CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names

Mon, 20 May 2013 08:50:48 -0700 

Public bug reported:

/bzrlib/transport/http/_urllib2_wrappers.py contains code from Python
3.2's ssl module for which there has been a security issue found.

Python Bug: http://bugs.python.org/issue17980
CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
Probable fix: http://hg.python.org/cpython/rev/fafd33db6ff6/

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: bzr 2.6.0~bzr6571-4ubuntu2
ProcVersionSignature: Ubuntu 3.8.0-21.32-generic 3.8.8
Uname: Linux 3.8.0-21-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
Date: Mon May 20 11:36:23 2013
InstallationDate: Installed on 2013-03-16 (64 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130316)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: bzr
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: bzr
     Importance: Medium
         Status: Triaged

** Affects: python
     Importance: Unknown
         Status: Unknown

** Affects: bzr (Ubuntu)
     Importance: Medium
         Status: Triaged

** Affects: bzr (Debian)
     Importance: Unknown
         Status: Unknown


** Tags: amd64 apport-bug raring

** Changed in: bzr (Ubuntu)
       Status: New => Triaged

** Changed in: bzr (Ubuntu)
   Importance: Undecided => Medium

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2099

** Also affects: bzr
   Importance: Undecided
       Status: New

** Bug watch added: Debian Bug tracker #709068
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068

** Also affects: bzr (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
   Importance: Unknown
       Status: Unknown

** Bug watch added: Python Roundup #17980
   http://bugs.python.org/issue17980

** Also affects: python via
   http://bugs.python.org/issue17980
   Importance: Unknown
       Status: Unknown

** Changed in: bzr
       Status: New => Triaged

** Changed in: bzr
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124

Title:
  [CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names

To manage notifications about this bug go to:
https://bugs.launchpad.net/bzr/+bug/1182124/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to