Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5181F885.1090902@redhat.com>
Date: Wed, 01 May 2013 23:24:21 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marc Deslauriers <marc.deslauriers@...onical.com>
Subject: Re: CVE Request: httplib2 ssl cert incorrect error
 handling

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/01/2013 05:15 PM, Marc Deslauriers wrote:
> Hello,
> 
> httplib2 only validates SSL certificates on the first request to a 
> connection, and doesn't report validation failures on subsequent
> requests.
> 
> Bugs:
> 
> http://code.google.com/p/httplib2/issues/detail?id=282 
> https://bugs.launchpad.net/httplib2/+bug/1175272
> 
> Could a CVE please be assigned to this issue?
> 
> Thanks,
> 
> Marc.

Please use CVE-2013-2037 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRgfiFAAoJEBYNRVNeJnmTg+UQAL5ueIwrbq6ns/GXuiJgvxYN
YjI/jX1scN6SEKWUzLdJx6Mewmj4sbHZ2hR2wtcICcc7OuyeZqtqTC3eEPPF04a9
3Y5eX5hzFbRBY6TXGgbxX4ZpzSbhri1Ro1NiGnR4xVbdyvtSr+Y8uBZBol2A7E+q
aEmq+iNO2yzlzoK8xOzi0mIGNVo50mMnEdFOt8xVKOQLwL+oY8IXul30VMm79CHK
0VCIXY9W9CAdBxXo5UYm8Wb9l9w6l5A0e3G/czxxGnuXcKB1HQPUUyVAFlqEaSoD
sAvXJ3POKzC9g/2LdNFfcSl7GBVsfWK1/RQyeUgUYullePKy2GVjgvKyN1DESscj
VP1unLjS4gNyDaCXWTLbSgcFA5Rv0wL4H3aZ+qzDVgZd2l9a8DsR0Y/Lj93ldpAA
bn6OVRaj41spYiLgS0ncAcORh6eDTIHjefvzOGuU22+NS7S+WfG81KYROgligUjg
jkrkyjups6Hq9QrroH5L/1QzjICxBKjaE63bI0zxH4xBTUpktEzpeeIcbLE+WZKn
9WPTG2W3Wpq82GLtoPDGLScM5vIEKnuRxTZJdEMrpAAALQenWeDdRzgeQgPLI7wD
mCNibsd7iEk39GCkMc2wAa6P2AF81oZ2tmpJEbC9SWW7h8hzwDFvpudi18IYNIdg
G8IvkreCuaSIiwqm9kQG
=cTrc
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.