Your message dated Tue, 17 Sep 2013 16:49:06 +0000 with message-id <e1vlysy-0004pm...@franck.debian.org> and subject line Bug#719566: fixed in python2.7 2.7.5-8 has caused the Debian Bug report #719566, regarding python2.7: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 719566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python2.7 Version: 2.7.5-7 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for python2.7 CVE-2013-4238[0]: Python SSL module does not handle certificates that contain hostnames with NULL bytes See also upstream bugreport [1] which contains patches (also including tests). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2013-4238 [1] http://bugs.python.org/issue18709 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python2.7 Source-Version: 2.7.5-8 We believe that the bug you reported is fixed in the latest version of python2.7, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 719...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose <d...@debian.org> (supplier of updated python2.7 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 17 Sep 2013 15:47:45 +0200 Source: python2.7 Binary: python2.7 libpython2.7-stdlib python2.7-minimal libpython2.7-minimal libpython2.7 python2.7-examples python2.7-dev libpython2.7-dev libpython2.7-testsuite idle-python2.7 python2.7-doc python2.7-dbg libpython2.7-dbg Architecture: source all amd64 Version: 2.7.5-8 Distribution: unstable Urgency: medium Maintainer: Matthias Klose <d...@debian.org> Changed-By: Matthias Klose <d...@debian.org> Description: idle-python2.7 - IDE for Python (v2.7) using Tkinter libpython2.7 - Shared Python runtime library (version 2.7) libpython2.7-dbg - Debug Build of the Python Interpreter (version 2.7) libpython2.7-dev - Header files and a static library for Python (v2.7) libpython2.7-minimal - Minimal subset of the Python language (version 2.7) libpython2.7-stdlib - Interactive high-level object-oriented language (standard library libpython2.7-testsuite - Testsuite for the Python standard library (v2.7) python2.7 - Interactive high-level object-oriented language (version 2.7) python2.7-dbg - Debug Build of the Python Interpreter (version 2.7) python2.7-dev - Header files and a static library for Python (v2.7) python2.7-doc - Documentation for the high-level object-oriented language Python python2.7-examples - Examples for the Python language (v2.7) python2.7-minimal - Minimal subset of the Python language (version 2.7) Closes: 714802 715063 719566 Changes: python2.7 (2.7.5-8) unstable; urgency=medium . * Update to 20130917, taken from the 2.7 branch. - Fix SSL module to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238). Closes: #719566. * Don't run the curses autopkg test. * Set Multi-Arch attributes for binary packages. * Fix multiarch include header for sparc64. Closes: #714802, #715063. Checksums-Sha1: e65c6d4b47b58e1143b7d57c6af6fe84af62664d 2439 python2.7_2.7.5-8.dsc f96e19357688d114d63f3576017714c3d838243a 425497 python2.7_2.7.5-8.diff.gz ee74037e6a2895ec08480d3b820c18ef1f95027a 588446 python2.7-examples_2.7.5-8_all.deb 73e1b34eef887bfc0a2623c42fb78716060d7bcc 2492640 libpython2.7-testsuite_2.7.5-8_all.deb 93e22703992b573538b6813eb17918d080682b1d 251768 idle-python2.7_2.7.5-8_all.deb 154a53c3431d4d78daa82591952362475f8773a2 4312242 python2.7-doc_2.7.5-8_all.deb 9ac3b83e1c60948505e6b40b899ce7a327679dfa 229528 python2.7_2.7.5-8_amd64.deb 58a88ee5d8f33771926de0dd02ed0f55130cac35 1862928 libpython2.7-stdlib_2.7.5-8_amd64.deb 18767a9573e685c79335d40e0b77978adf4843d1 1227542 python2.7-minimal_2.7.5-8_amd64.deb 4bcf1b77413758cb009a372e6a7201cd11b2194a 344988 libpython2.7-minimal_2.7.5-8_amd64.deb 16e3330941f43cdcddea18dd628c08c7fb13f490 1040798 libpython2.7_2.7.5-8_amd64.deb 377389d7cffc2c84d895cfec2ce54147a20cd371 296530 python2.7-dev_2.7.5-8_amd64.deb 2d9a2583156e917291f91988f656604365d41e6d 21974656 libpython2.7-dev_2.7.5-8_amd64.deb 6c4b4a5d8eac31cd599ab3f31ea11d76978edc30 6387174 python2.7-dbg_2.7.5-8_amd64.deb 8932f0b19f9b2fef11ec75cfbb1cce2e4b4a1d59 3887476 libpython2.7-dbg_2.7.5-8_amd64.deb Checksums-Sha256: 2323f6afd95d7b5b900f6c98d617bcc7253a54a06b7c9749ff32fa949b338400 2439 python2.7_2.7.5-8.dsc cab74e66a27d64e0fcf773e12f0ba3e217c72ff8653cc9efbf4d86b8dbad8e57 425497 python2.7_2.7.5-8.diff.gz 2ecda1f94fc0c625f853f6dd808f069cd7e98fdd51b2fb7924a45fa6e4690ae1 588446 python2.7-examples_2.7.5-8_all.deb 4457ce0b9de6c0b8f1cb1b94729d4cdb168486335387cba17d25c258e4c1c11b 2492640 libpython2.7-testsuite_2.7.5-8_all.deb 7447e0f4ed28fbd1a49a3429ac94aa146852e802a754c4e735c689c8e4e23c48 251768 idle-python2.7_2.7.5-8_all.deb 47c061dea67893b3ae352df211c007b0d7a20789296f647ad0c63c40440a3e13 4312242 python2.7-doc_2.7.5-8_all.deb a1b0ee97d5303525bdc9339e1e8a3f64faaf9f20a467f250754a67c8cbe20b6a 229528 python2.7_2.7.5-8_amd64.deb 4fc3e285634b3ef97a819b8a5917d84a0bce6ba779496c7132dc50cbb39858e3 1862928 libpython2.7-stdlib_2.7.5-8_amd64.deb a091bdae1827a66710fe5263cb2c8d5cccb74b1a97a32a940fc55449ae4f2143 1227542 python2.7-minimal_2.7.5-8_amd64.deb da6df8decd8877df9dfd525765036415acee7d304064b263f8cc49bcd2b6fe98 344988 libpython2.7-minimal_2.7.5-8_amd64.deb 49a174556ae7b86f240c7918a704ce448c18d77dfbd68afc00eea2c8cae10f7b 1040798 libpython2.7_2.7.5-8_amd64.deb fa55c7cdc9ad989063e0f2f6869c677d20810aa25eba8bfc6a81c556fc7bda55 296530 python2.7-dev_2.7.5-8_amd64.deb fd108327bf07e004a57a6a289223d5528ccd3fd95976311194559c5f76da1c07 21974656 libpython2.7-dev_2.7.5-8_amd64.deb 98ddf31c5a83b1f3ed4f3a79074def08307486c955c30a2258ae9521a1f89a96 6387174 python2.7-dbg_2.7.5-8_amd64.deb 987ae10599866c19414f08d7b265cecb3e076dc791af233f4f4d787d7d38e0f9 3887476 libpython2.7-dbg_2.7.5-8_amd64.deb Files: e32762806e50c7c9e51c7c0d69914153 2439 python optional python2.7_2.7.5-8.dsc a1862a9a68578e45812b3340a07cdda7 425497 python optional python2.7_2.7.5-8.diff.gz 6cba32ae9565823587aec473444a532d 588446 python optional python2.7-examples_2.7.5-8_all.deb dde40350170c233f892624aab84ff90f 2492640 libdevel optional libpython2.7-testsuite_2.7.5-8_all.deb e9e936f7f3e5e62f3b775501cf609987 251768 python optional idle-python2.7_2.7.5-8_all.deb 7c721f8e99477b5d735fd370973667f1 4312242 doc optional python2.7-doc_2.7.5-8_all.deb 98049cb611802d6943bdb27d6435e535 229528 python standard python2.7_2.7.5-8_amd64.deb 8500fc20363523ca7d1160e3ad15b670 1862928 python standard libpython2.7-stdlib_2.7.5-8_amd64.deb ee79733a2a2e4ad82ab7133d4148bd6f 1227542 python standard python2.7-minimal_2.7.5-8_amd64.deb 6b8df800362207e6a54f68f948374f02 344988 python standard libpython2.7-minimal_2.7.5-8_amd64.deb e08da3526ce36bfa519e9ff5c92dab84 1040798 libs standard libpython2.7_2.7.5-8_amd64.deb b6affb526038cb21e49cde0531604e46 296530 python optional python2.7-dev_2.7.5-8_amd64.deb 9b47aa5676469227bcac4747e56fa3ac 21974656 libdevel optional libpython2.7-dev_2.7.5-8_amd64.deb c8419b3d9be5a16ed4eebdacfc5e2ef4 6387174 debug extra python2.7-dbg_2.7.5-8_amd64.deb b85402a2d9475d3573fb6512bfa266f7 3887476 debug extra libpython2.7-dbg_2.7.5-8_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iEYEARECAAYFAlI4hBAACgkQStlRaw+TLJxMcQCbBd7IwKwjuZGjsBKTcZYB213c CWcAoK56z+/UKKie1vu2A+2fXv2i09hj =Thyj -----END PGP SIGNATURE-----
--- End Message ---
