lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTika=zSdZCU-zoVqw2RsqF9ZwseTKudg_fXmPmzK@mail.gmail.com> Date: Thu, 30 Sep 2010 01:12:29 +1000 From: dave b <db.pub.mail@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Python ssl handling could be better... Python ssl handling could be better... See http://bugs.python.org/issue1589 for more information. The for example following are vulnerable: 1. hg http://mercurial.selenic.com/bts/issue2407 2. bzr (only if pycurl isn't installed - which by default it isn't) https://bugs.edge.launchpad.net/bzr/+bug/651161 3. libcloud http://github.com/apache/libcloud/issues/issue/2 4. linode-python http://github.com/tjfontaine/linode-python/issues#issue/1 This full disclosure posting is to get more people to be aware of these issues so they can *fix* or not *make* them in the future. -- This night methinks is but the daylight sick. -- William Shakespeare, "The Merchant of Venice" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/