Package: duplicity Version: 0.6.24-1 Severity: important Tags: security https://bugzilla.redhat.com/show_bug.cgi?id=1109999
Eric Christensen of Red Hat Product Security reported [1] that Duplicity did not handle wildcard certificates properly. If Duplicity were to connect to a remote host that used a wildcard certificate, and the hostname does not match the wildcard, it would still consider the connection valid. 1: https://bugs.launchpad.net/duplicity/+bug/1314234 I have no access to that bug item, but I can contact upstream if needed. --- Henri Salo
signature.asc
Description: Digital signature
