[Python-modules-team] Bug#692444: tweepy: CVE-2012-5821

Petter Reinholdtsen pere at hungry.com
Thu Jun 9 11:39:43 UTC 2016


Control: retitle -1 tweepy: CVE-2012-5825 Fail to verify hostname against X.509 certificate

I looked into how to get a fix for this issue into Debian stable (Jessie).
It is easier said than done, as the fix implemented upstream was to rewrite
the HTTPS connection code from using httplib to using requests, i.e. a different
Python library.  I doubt such a change would be accepted by the
release managers, and do not intend to spend more time on it.  Sad to say,
but I believe this security issue will have to stay around in Debian Stable.

See also
<URL: https://security-tracker.debian.org/tracker/CVE-2012-5825 >.

-- 
Happy hacking
Petter Reinholdtsen


