|
|
Log in / Subscribe / Register

python-bugzilla: missing certificate verification

Package(s):python-bugzilla CVE #(s):CVE-2013-2191
Created:July 8, 2013 Updated:July 10, 2013
Description: From the SUSE bugzilla entry:

It was found that python-bugzilla, a Python library for interacting with Bugzilla instances over XML-RPC functionality, did not perform X.509 certificate verification when using secured SSL connection. A man-in-the-middle (MiTM) attacker could use this flaw to spoof Bugzilla server via an arbitrary certificate.

Alerts:
Fedora FEDORA-2013-11397 python-bugzilla 2013-07-10
Fedora FEDORA-2013-11419 python-bugzilla 2013-07-10
openSUSE openSUSE-SU-2013:1155-1 python-bugzilla 2013-07-06
openSUSE openSUSE-SU-2013:1154-1 python-bugzilla 2013-07-06
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds