Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: httplib2 ssl cert incorrect error handling
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 01 May 2013 23:24:21 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/01/2013 05:15 PM, Marc Deslauriers wrote:
Hello,

httplib2 only validates SSL certificates on the first request to a 
connection, and doesn't report validation failures on subsequent
requests.

Bugs:

http://code.google.com/p/httplib2/issues/detail?id=282 
https://bugs.launchpad.net/httplib2/+bug/1175272

Could a CVE please be assigned to this issue?

Thanks,

Marc.

Please use CVE-2013-2037 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRgfiFAAoJEBYNRVNeJnmTg+UQAL5ueIwrbq6ns/GXuiJgvxYN
YjI/jX1scN6SEKWUzLdJx6Mewmj4sbHZ2hR2wtcICcc7OuyeZqtqTC3eEPPF04a9
3Y5eX5hzFbRBY6TXGgbxX4ZpzSbhri1Ro1NiGnR4xVbdyvtSr+Y8uBZBol2A7E+q
aEmq+iNO2yzlzoK8xOzi0mIGNVo50mMnEdFOt8xVKOQLwL+oY8IXul30VMm79CHK
0VCIXY9W9CAdBxXo5UYm8Wb9l9w6l5A0e3G/czxxGnuXcKB1HQPUUyVAFlqEaSoD
sAvXJ3POKzC9g/2LdNFfcSl7GBVsfWK1/RQyeUgUYullePKy2GVjgvKyN1DESscj
VP1unLjS4gNyDaCXWTLbSgcFA5Rv0wL4H3aZ+qzDVgZd2l9a8DsR0Y/Lj93ldpAA
bn6OVRaj41spYiLgS0ncAcORh6eDTIHjefvzOGuU22+NS7S+WfG81KYROgligUjg
jkrkyjups6Hq9QrroH5L/1QzjICxBKjaE63bI0zxH4xBTUpktEzpeeIcbLE+WZKn
9WPTG2W3Wpq82GLtoPDGLScM5vIEKnuRxTZJdEMrpAAALQenWeDdRzgeQgPLI7wD
mCNibsd7iEk39GCkMc2wAa6P2AF81oZ2tmpJEbC9SWW7h8hzwDFvpudi18IYNIdg
G8IvkreCuaSIiwqm9kQG
=cTrc
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]