2 matches found
CVE-2013-4328
CVE-2013-4238 affects Python’s SSL hostname verification in the SSL module (ssl.match_hostname) for Python 2.6–3.4. The issue is improper handling of a '\0' character in a domain name within the Subject Alternative Name field, enabling MITM-style spoofing with crafted certificates issued by a tru...
Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...