Debian Bug report logs -
#692444
tweepy: CVE-2012-5825 Fail to verify hostname against X.509 certificate
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
:
Bug#692444
; Package tweepy
.
(Tue, 06 Nov 2012 11:12:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
.
(Tue, 06 Nov 2012 11:12:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: tweepy
Severity: important
Tags: security
Justification: user security hole
Please see Section 9 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Cheers,
Moritz
Added tag(s) upstream.
Request was from Miguel Landaeta <miguel@miguel.cc>
to control@bugs.debian.org
.
(Wed, 10 Apr 2013 22:03:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
:
Bug#692444
; Package tweepy
.
(Tue, 14 May 2013 19:36:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Miguel Landaeta <miguel@miguel.cc>
:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
.
(Tue, 14 May 2013 19:36:05 GMT) (full text, mbox, link).
Message #14 received at 692444@bugs.debian.org (full text, mbox, reply):
tags 692444 + confirmed
thanks
The issue is confirmed by upstream. Please see:
https://github.com/tweepy/tweepy/issues/279#issuecomment-17898339
The current status for this bug is waiting for resolution from upstream.
--
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x6E608B637D8967E9 available at
http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche
Added tag(s) confirmed.
Request was from Miguel Landaeta <miguel@miguel.cc>
to control@bugs.debian.org
.
(Tue, 14 May 2013 19:36:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
:
Bug#692444
; Package tweepy
.
(Mon, 01 Dec 2014 14:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Miguel Landaeta <nomadium@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
.
(Mon, 01 Dec 2014 14:36:04 GMT) (full text, mbox, link).
Message #21 received at 692444@bugs.debian.org (full text, mbox, reply):
Upstream claims to have fixed this in their 3.0.0 release.
https://github.com/tweepy/tweepy/issues/279#issuecomment-65017673
--
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche
Reply sent
to Miguel Landaeta <nomadium@debian.org>
:
You have taken responsibility.
(Sun, 14 Dec 2014 19:06:10 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Sun, 14 Dec 2014 19:06:10 GMT) (full text, mbox, link).
Message #26 received at 692444-close@bugs.debian.org (full text, mbox, reply):
Source: tweepy
Source-Version: 3.1.0-1
We believe that the bug you reported is fixed in the latest version of
tweepy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 692444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Miguel Landaeta <nomadium@debian.org> (supplier of updated tweepy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 14 Dec 2014 14:51:37 -0300
Source: tweepy
Binary: python-tweepy python-tweepy-doc
Architecture: source all
Version: 3.1.0-1
Distribution: experimental
Urgency: low
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Miguel Landaeta <nomadium@debian.org>
Description:
python-tweepy - Twitter library for Python
python-tweepy-doc - Documentation for python-tweepy module
Closes: 692444
Changes:
tweepy (3.1.0-1) experimental; urgency=low
.
* New upstream release. (Closes: #692444).
Since 3.0.0 release a fix for security vulnerability CVE-2012-5821
is included.
* Bump Standards-Version to 3.9.6. No changes were required.
* Update copyright file.
* Drop 01_use_python_oauth.diff patch. Upstream doesn't use python-auth
library anymore.
* Simplify d/rules file.
* Bump dependency on debhelper to v9.
* Add B-D on python-pip, python-requests-oauthlib and dh-python.
Marked as found in versions 2.3-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sun, 14 Dec 2014 19:57:07 GMT) (full text, mbox, link).
Changed Bug title to 'tweepy: CVE-2012-5825' from 'tweepy: CVE-2012-5821'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sun, 14 Dec 2014 19:57:08 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sun, 14 Dec 2014 20:03:04 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 03 Jun 2015 07:28:56 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Petter Reinholdtsen <pere@hungry.com>
to control@bugs.debian.org
.
(Thu, 09 Jun 2016 11:36:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
:
Bug#692444
; Package tweepy
.
(Thu, 09 Jun 2016 11:42:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Petter Reinholdtsen <pere@hungry.com>
:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
.
(Thu, 09 Jun 2016 11:42:04 GMT) (full text, mbox, link).
Message #41 received at 692444@bugs.debian.org (full text, mbox, reply):
Control: retitle -1 tweepy: CVE-2012-5825 Fail to verify hostname against X.509 certificate
I looked into how to get a fix for this issue into Debian stable (Jessie).
It is easier said than done, as the fix implemented upstream was to rewrite
the HTTPS connection code from using httplib to using requests, i.e. a different
python library. I doubt such a change would be accepted by the
release managers, and do not intend to spend more time on it. Sad to say,
but I believe this security issue will have to stay around in Debian Stable.
See also
<URL: https://security-tracker.debian.org/tracker/CVE-2012-5825 >.
--
Happy hacking
Petter Reinholdtsen
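
The check this bug is about, as an added example that is not part of the bug log and is not tweepy's or upstream's code: it audits a client TLS context for the two verification steps and shows what matching a hostname against a certificate's subjectAltName involves. The function names, the sample certificate and the `example.*` hostnames are constructed for illustration; the "legacy" context is an assumption modelling a client that performs no peer verification.

```python
import ssl

# Constructed sample, shaped like the dict returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"subjectAltName": (("DNS", "api.example.test"),
                                  ("DNS", "*.example.org"))}

def legacy_context():
    """Assumption: a client that encrypts but never verifies its peer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def verified_context():
    """Standard-library defaults: CERT_REQUIRED and check_hostname=True."""
    return ssl.create_default_context()

def audit(ctx):
    """Return the verification steps that a client SSLContext skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not validated")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings

def hostname_matches(cert, hostname):
    """Simplified RFC 6125 matching: exact DNS name or one left-most wildcard label."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        if pattern.startswith("*."):
            label, _, parent = host.partition(".")
            if label and parent == pattern[2:]:
                return True
    return False

if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_context()), ("verified", verified_context())):
        print(name, audit(ctx) or "ok")
    for host in ("api.example.test", "cdn.example.org", "other.example.net"):
        print(host, hostname_matches(SAMPLE_CERT, host))
```

A certificate that chains to a trusted CA but was issued for a different name passes the first check and fails the second, which is why both findings are reported separately.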
Changed Bug title to 'tweepy: CVE-2012-5825 Fail to verify hostname against X.509 certificate' from 'tweepy: CVE-2012-5825'.
Request was from Petter Reinholdtsen <pere@hungry.com>
to 692444-submit@bugs.debian.org
.
(Thu, 09 Jun 2016 11:42:04 GMT) (full text, mbox, link).
Added tag(s) jessie, stretch, and sid.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Thu, 09 Jun 2016 16:15:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 29 Dec 2016 08:30:02 GMT) (full text, mbox, link).
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:02:49 2019;