python-httplib2 < 0.7.0 doesn't validate server certificates
Bug #882030 reported by Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
python-httplib2 (Ubuntu) | Fix Released | High | Unassigned |
Lucid | Fix Released | High | Unassigned |
Maverick | Fix Released | High | Unassigned |
Natty | Fix Released | High | Unassigned |
Oneiric | Fix Released | High | Unassigned |
Precise | Fix Released | High | Unassigned |
Bug Description
python-httplib2 added support for checking https certificates in 0.7.0. The packages currently in Natty and older don't perform any certificate validation, permitting man-in-the-middle attacks on any software that uses the library and doesn't perform checks of its own.
Changed in python-httplib2 (Ubuntu): status: New → Confirmed
For Oneiric, see bug 882027: it doesn't use the system CA certs by default.
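An audit helper for the condition in the bug description, added here as an example and not part of the report or of httplib2: it triages an upstream version string against 0.7.0 and scans Python source for callers that turn validation back off. The `disable_ssl_certificate_validation` option belongs to httplib2 0.7.0 and later and is not named in this report; the function names and the sample source are constructed.

```python
import ast
import re

FIXED_UPSTREAM = (0, 7, 0)  # per the bug description: checking was added in 0.7.0
OPT = "disable_ssl_certificate_validation"  # httplib2.Http option (0.7.0+)

# Constructed sample source, used only to exercise the scanner.
SAMPLE = '''\
import httplib2
good = httplib2.Http()
bad = httplib2.Http(disable_ssl_certificate_validation=True)
h = httplib2.Http(timeout=5)
h.disable_ssl_certificate_validation = True
ok = httplib2.Http(disable_ssl_certificate_validation=False)
'''


def upstream_has_cert_checks(version):
    """True if an upstream httplib2 version string is 0.7.0 or later.

    Distro packages may carry backported fixes, so False for a packaged
    build is a prompt to read its changelog, not a verdict.
    """
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) >= FIXED_UPSTREAM


def _is_false(node):
    return isinstance(node, ast.Constant) and node.value is False


def find_disabled_validation(source):
    """Return sorted (line, kind) pairs where OPT is set to anything but False."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            func = node.func
            name = getattr(func, "attr", None) or getattr(func, "id", None)
            if name == "Http":
                hits += [(node.lineno, "constructor") for kw in node.keywords
                         if kw.arg == OPT and not _is_false(kw.value)]
        elif isinstance(node, ast.Assign) and not _is_false(node.value):
            hits += [(node.lineno, "attribute") for t in node.targets
                     if isinstance(t, ast.Attribute) and t.attr == OPT]
    return sorted(hits)


if __name__ == "__main__":
    print(upstream_has_cert_checks("0.6.0"), find_disabled_validation(SAMPLE))
```

A non-constant value such as `disable_ssl_certificate_validation=cfg.insecure` is reported as well, since the scanner cannot prove it evaluates to False.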