python2.7: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes

Debian Bug report logs - #719566

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 13 Aug 2013 07:42:25 UTC

Severity: grave

Tags: patch, security, upstream

Found in version python2.7/2.7.5-7

Fixed in version python2.7/2.7.5-8

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#719566; Package python2.7. (Tue, 13 Aug 2013 07:42:29 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Tue, 13 Aug 2013 07:42:29 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python2.7: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes
Date: Tue, 13 Aug 2013 09:36:37 +0200
Package: python2.7
Version: 2.7.5-7
Severity: grave
Tags: security upstream patch

Hi,

The following vulnerability was published for python2.7:

CVE-2013-4238[0]:
Python SSL module does not handle certificates that contain hostnames with NULL bytes

See also the upstream bug report [1], which contains patches (including tests).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4238
[1] http://bugs.python.org/issue18709

Regards,
Salvatore
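The defect the report names, modelled as an added example (this is not code from the Debian report or from CPython; the function names and the sample SAN value are constructed): a dNSName in subjectAltName is an ASN.1 string with an explicit length, so an embedded 0x00 byte is representable, and a consumer that copies it into a NUL-terminated C string sees only the prefix. The block contrasts that truncating extraction with a length-aware one that fails closed, which is what the 2.7.5-8 changelog entry describes the fix doing.

```python
import re

# Constructed sample value (assumption): a dNSName whose ASN.1 value carries an
# embedded NUL. A consumer that reads the full length sees a name under
# example.net; a consumer that stops at the NUL sees only www.example.com.
SAMPLE_SAN_WITH_NUL = b"www.example.com\x00.example.net"

def san_dnsname_truncating(raw):
    """Models the pre-fix behaviour: the ASN.1 value is handled as a
    NUL-terminated C string, so everything after the first 0x00 is lost."""
    return raw.split(b"\x00", 1)[0].decode("ascii")

def san_dnsname_length_aware(raw):
    """Models the fixed behaviour: honour the ASN.1 length. A NUL can never be
    part of a hostname, so it is reported instead of silently dropped."""
    if b"\x00" in raw:
        raise ValueError("NUL byte in subjectAltName dNSName")
    return raw.decode("ascii")

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, <= 63 chars.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def hostname_matches(hostname, san_names):
    """Case-insensitive exact match; a single '*' is allowed only as the
    leftmost label. Every other label must be a well-formed DNS label."""
    host = hostname.lower().split(".")
    for name in san_names:
        labels = name.lower().split(".")
        if len(labels) != len(host):
            continue
        head, rest = labels[0], labels[1:]
        if not all(_LABEL.match(lbl) for lbl in rest):
            continue
        if head != "*" and not _LABEL.match(head):
            continue
        if (head == "*" or head == host[0]) and rest == host[1:]:
            return True
    return False

def check_certificate(hostname, raw_san_entries, extractor):
    """Return (matched, error): run every raw dNSName through `extractor`,
    then match. Any extraction error fails closed."""
    names = []
    for raw in raw_san_entries:
        try:
            names.append(extractor(raw))
        except ValueError as exc:  # UnicodeDecodeError is a ValueError too
            return False, str(exc)
    return hostname_matches(hostname, names), None

if __name__ == "__main__":
    for fn in (san_dnsname_truncating, san_dnsname_length_aware):
        print(fn.__name__, check_certificate("www.example.com", [SAMPLE_SAN_WITH_NUL], fn))
```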



Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Tue, 17 Sep 2013 16:51:17 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 17 Sep 2013 16:51:17 GMT)


Message #10 received at 719566-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 719566-close@bugs.debian.org
Subject: Bug#719566: fixed in python2.7 2.7.5-8
Date: Tue, 17 Sep 2013 16:49:06 +0000
Source: python2.7
Source-Version: 2.7.5-8

We believe that the bug you reported is fixed in the latest version of
python2.7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 719566@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated python2.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 17 Sep 2013 15:47:45 +0200
Source: python2.7
Binary: python2.7 libpython2.7-stdlib python2.7-minimal libpython2.7-minimal libpython2.7 python2.7-examples python2.7-dev libpython2.7-dev libpython2.7-testsuite idle-python2.7 python2.7-doc python2.7-dbg libpython2.7-dbg
Architecture: source all amd64
Version: 2.7.5-8
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description: 
 idle-python2.7 - IDE for Python (v2.7) using Tkinter
 libpython2.7 - Shared Python runtime library (version 2.7)
 libpython2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 libpython2.7-dev - Header files and a static library for Python (v2.7)
 libpython2.7-minimal - Minimal subset of the Python language (version 2.7)
 libpython2.7-stdlib - Interactive high-level object-oriented language (standard library
 libpython2.7-testsuite - Testsuite for the Python standard library (v2.7)
 python2.7  - Interactive high-level object-oriented language (version 2.7)
 python2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 python2.7-dev - Header files and a static library for Python (v2.7)
 python2.7-doc - Documentation for the high-level object-oriented language Python
 python2.7-examples - Examples for the Python language (v2.7)
 python2.7-minimal - Minimal subset of the Python language (version 2.7)
Closes: 714802 715063 719566
Changes: 
 python2.7 (2.7.5-8) unstable; urgency=medium
 .
   * Update to 20130917, taken from the 2.7 branch.
     - Fix SSL module to handle NULL bytes inside subjectAltNames general
       names (CVE-2013-4238). Closes: #719566.
   * Don't run the curses autopkg test.
   * Set Multi-Arch attributes for binary packages.
   * Fix multiarch include header for sparc64. Closes: #714802, #715063.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 22 Oct 2013 07:33:32 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:03:59 2019; Machine Name: beach
