Summary: | <dev-python/slixmpp-1.8.3: missing certificate hostname validation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schmaus <flow> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | flow, mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 881211 | ||
Bug Blocks: |
Description
Florian Schmaus
2022-11-13 10:45:30 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfed4940a901879b99a287b9ab781a7061bec7f5 commit cfed4940a901879b99a287b9ab781a7061bec7f5 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-11-13 11:06:07 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-11-13 11:06:21 +0000 dev-python/slixmpp: add 1.8.3 Bug: https://bugs.gentoo.org/881181 Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-python/slixmpp/Manifest | 1 + dev-python/slixmpp/slixmpp-1.8.3.ebuild | 37 +++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) cleanup done Thanks both! Florian, do you think we should GLSA? > Florian, do you think we should GLSA?
Yes, I believe the severity of the issue would justify an GLSA.
GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=6f987355d399e46bce92bf271bd9b94ff1a3e454 commit 6f987355d399e46bce92bf271bd9b94ff1a3e454 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:47:08 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:22 +0000 [ GLSA 202305-07 ] slixmpp: Insufficient Certificate Validation Bug: https://bugs.gentoo.org/881181 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-07.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) |