This bug was fixed in the package bzr - 2.6.0~bzr6574-1ubuntu1
---------------
bzr (2.6.0~bzr6574-1ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Drop build dependencies on python-{meliae,lzma,medusa},
which are not in main.
* Drop changes to Vcs fields. The UDD imports are out of date.
bzr (2.6.0~bzr6574-1) unstable; urgency=low
* New upstream snapshot.
- Fix CVE 2013-2009. Avoid allowing multiple wildcards in a single
SSL cert hostname segment (Closes: #709068, LP: #1182124).
bzr (2.6.0~bzr6573-1) unstable; urgency=low
* Upload to unstable.
* New upstream snapshot.
* Remove the test_tuned_gzip.TestToGzip.test_enormous_chunks test
(LP: #1116079, #1160572).
* Drop debian/patches/04_revert_ui_changes, fixed upstream.
* Drop deprecated Dm-Upload-Allowed field.
* Bump Standards-Version to 3.9.4, no changes needed.
* Drop un-needed Build-Conflicts on python-gpgme.
-- Andrew Starr-Bochicchio <a.star...@gmail.com> Mon, 20 May 2013 20:55:13
-0400
** Changed in: bzr (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182124
Title:
[CVE-2013-2099] ssl.match_hostname() trips over crafted wildcard names
To manage notifications about this bug go to:
https://bugs.launchpad.net/bzr/+bug/1182124/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
