| Summary: | <dev-python/twisted-core-14.0.1: trustRoot not respected in HTTP client | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/09/17/4 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-09-18 08:26:11 UTC
Only v14.x branch was affected because this was the branch when the feature was developed, see https://twistedmatrix.com/trac/ticket/4888.

Affected version hit Gentoo repository via https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-python/twisted-core/twisted-core-14.0.0.ebuild?hideattic=1&view=log

Fixed version appeared via https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-python/twisted-core/twisted-core-14.0.1.ebuild?hideattic=1&view=log

However v14.x branch was already cleaned up via https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-python/twisted-core?id=30aa69ba0c44805daa77f664a35643eed86c697d so nothing left to do for us.

@ Maintainer(s): Security recommends to stabilize v15+ in near future because validating certificates is a must these days and this feature isn't present in the current stable branch. However that's not part of this bug.

@ Security: Please vote!

GLSA Vote: No