oss-sec mailing list archives
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Sun, 14 Nov 2010 10:05:07 -0500
On Mon, 2010-10-11 at 15:48 -0400, Josh Bressers wrote:
Steve, Can I defer this one to MITRE? My initial thought is that python should get the ID, but they seem to want to push it up to the application developers, but they also added some functionality in http://svn.python.org/view?view=rev&revision=85321 Is there a past precedent for this?
Has any decision been made regarding CVE assignment for this? I've found some more python applications that aren't validating ssl certs, and am waiting to know how this is going to be handled. Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE Request -- Mercurial --Doesn't verify subject Common Name properly Jan Lieskovsky (Oct 08)
- <Possible follow-ups>
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Josh Bressers (Oct 11)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers (Nov 14)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Steven M. Christey (Nov 15)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers (Nov 16)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Matthias Andree (Nov 17)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly dave b (Nov 17)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers (Nov 14)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Ben Laurie (Nov 16)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Ludwig Nussel (Nov 17)
- Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly dave b (Nov 17)