Hi.

On Tue, Jun 17, 2014 at 08:39:48PM +0300, Henri Salo wrote:
>
> Eric Christensen of Red Hat Product Security reported [1] that Duplicity did not
> handle wildcard certificates properly. If Duplicity were to connect to a remote
> host that used a wildcard certificate, and the hostname does not match the
> wildcard, it would still consider the connection valid.
>
> 1: https://bugs.launchpad.net/duplicity/+bug/1314234
>
> I have no access to that bug item, but I can contact upstream if needed.
>

I tried to access the above URL, and nothing happens there. Is this an error or an embargoed ticket?

It also seems that this CVE doesn't appear in launchpad's duplicity CVEs, but again, that may just be embargoed and masked without further notice?

If you have more details, that may be useful.

Thanks in advance.

Best regards,
-- 
Olivier BERGER
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)