Package: libcloud
Severity: grave
Tags: security
Justification: user security hole

Hi,

a new libcloud was released, fixing a MITM vulnerability in the TLS/SSL certificate verification. Basically the hostname/CN check is done using a wrong regular expression which will match even a superset of the hostname.

See http://libcloud.apache.org/security.html and https://github.com/apache/libcloud/commit/f2af5502dae3ac63e656dd1b7d5f29cc82ded401 and please upload an isolated fix to unstable, since we're in freeze.

Regards,
--
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
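The class of flaw described in the report, as an added illustration (not libcloud's code and not part of the original message): a certificate name converted to a regular expression and tested without anchoring also accepts longer hostnames that merely contain it. The function names and the hostnames below are constructed for this example.

```python
import re


def _name_to_pattern(cert_name):
    # Escape the certificate name, then let "*" stand for exactly one DNS label.
    return re.escape(cert_name).replace(r"\*", r"[^.]+")


def loose_match(cert_name, hostname):
    """Flawed check: re.search succeeds if the name appears anywhere in hostname."""
    return re.search(_name_to_pattern(cert_name), hostname, re.IGNORECASE) is not None


def strict_match(cert_name, hostname):
    """Corrected check: the pattern must cover the whole hostname."""
    return re.fullmatch(_name_to_pattern(cert_name), hostname, re.IGNORECASE) is not None


# Constructed (certificate name, hostname the client connects to) pairs.
CASES = [
    ("api.example.test", "api.example.test"),                # exact name
    ("*.example.test", "api.example.test"),                  # wildcard, one label
    ("api.example.test", "api.example.test.other.invalid"),  # name is only a prefix
    ("example.test", "api.example.test"),                    # name is only a suffix
    ("*.example.test", "a.b.example.test"),                  # wildcard spanning two labels
]


def disagreements(cases=CASES):
    """Return the pairs that the flawed check accepts and the strict check rejects."""
    return [(cn, host) for cn, host in cases
            if loose_match(cn, host) and not strict_match(cn, host)]


if __name__ == "__main__":
    for cn, host in CASES:
        print(f"{cn:20} {host:32} loose={loose_match(cn, host)} "
              f"strict={strict_match(cn, host)}")
```

On current Python versions a client gets this check from the standard library: `ssl.create_default_context()` enables hostname verification, so hand-written name matching is not needed.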

