oss-security - Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Sun, 14 Nov 2010 10:05:07 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Bill Janssen <bill.janssen@...il.com>, Andreas Hasenack
 <ahasenack@...ra.com.br>, Mads Kiilerich <mads@...lerich.com>, "Steven M.
 Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- Mercurial --Doesn't verify
 subject Common Name properly

On Mon, 2010-10-11 at 15:48 -0400, Josh Bressers wrote:
> Steve,
> 
> Can I defer this one to MITRE? My initial thought is that python should get
> the ID, but they seem to want to push it up to the application developers,
> but they also added some functionality in
> http://svn.python.org/view?view=rev&revision=85321
> 
> Is there a past precedent for this?
> 

Has any decision been made regarding CVE assignment for this? I've found
some more python applications that aren't validating ssl certs, and am
waiting to know how this is going to be handled.

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.