[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Python ssl handling could be better...

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Python ssl handling could be better...
From: dave b <db.pub.mail@xxxxxxxxx>
Date: Thu, 30 Sep 2010 01:12:29 +1000

Python ssl handling could be better...
See http://bugs.python.org/issue1589 for more information.

The for example following are vulnerable:
1. hg  http://mercurial.selenic.com/bts/issue2407
2. bzr (only if pycurl isn't installed - which by default it isn't)
https://bugs.edge.launchpad.net/bzr/+bug/651161
3. libcloud http://github.com/apache/libcloud/issues/issue/2
4. linode-python http://github.com/tjfontaine/linode-python/issues#issue/1

This full disclosure posting is to get more people to be aware of
these issues so they can *fix* or not *make* them in the future.

--
This night methinks is but the daylight sick.           -- William Shakespeare,
"The Merchant of Venice"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Python ssl handling could be better...
  - From: dave b

Prev by Date: [Full-disclosure] CYBSEC Advisory 2010 0902 Achievo 1.4.3 (CSRF)
Next by Date: Re: [Full-disclosure] Python ssl handling could be better...
Previous by thread: [Full-disclosure] CYBSEC Advisory 2010 0902 Achievo 1.4.3 (CSRF)
Next by thread: Re: [Full-disclosure] Python ssl handling could be better...
Index(es):
- Date
- Thread