New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue in audit.ssl_certificate plugin #13875
Comments
@LocutusOfBorg thanks for finding and reporting this! I'm curious, how did you stumble with this issue? |
I'm the Debian maintainer, and I tried to look at all the open bugs against w3af, to make sure they were all reported/fixed or to report them :) |
I know who you're :) But did you review all the source for w3af? Did a tool reported this? |
they say traumatic experiences are easily forgotten :)
the CVE was reported against python, and somebody checked on codesearch.debian.net (a service that gives you a search engine about code in the whole debian main archive) something like this I guess but I might be wrong eh :) |
the embedded copy of ssl certificate handler suffers from a known CVE-2013-2099
http://bugs.python.org/issue17980
https://hg.python.org/cpython/rev/b9b521efeba3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709071
CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
Upstream: http://bugs.python.org/issue17980
The text was updated successfully, but these errors were encountered: