lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTika=zSdZCU-zoVqw2RsqF9ZwseTKudg_fXmPmzK@mail.gmail.com>
Date: Thu, 30 Sep 2010 01:12:29 +1000
From: dave b <db.pub.mail@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Python ssl handling could be better...

Python ssl handling could be better...
See http://bugs.python.org/issue1589 for more information.

The for example following are vulnerable:
1. hg  http://mercurial.selenic.com/bts/issue2407
2. bzr (only if pycurl isn't installed - which by default it isn't)
https://bugs.edge.launchpad.net/bzr/+bug/651161
3. libcloud http://github.com/apache/libcloud/issues/issue/2
4. linode-python http://github.com/tjfontaine/linode-python/issues#issue/1

This full disclosure posting is to get more people to be aware of
these issues so they can *fix* or not *make* them in the future.

--
This night methinks is but the daylight sick.		-- William Shakespeare,
"The Merchant of Venice"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ