Package name
bzr
Date
2013-09-10
Advisory ID
MDVSA-2013:229
Affected versions
MBS1 x86_64

Problem description

Updated bzr packages fix security vulnerabilities:

A denial of service flaw was found in the way SSL module implementation
of Python 3 performed matching of the certificate's name in the case
it contained many '*' wildcard characters. A remote attacker, able to
obtain valid certificate with its name containing a lot of '*' wildcard
characters could use this flaw to cause denial of service (excessive
CPU consumption) by issuing request to validate such a certificate
for / to an application using the Python's ssl.match_hostname()
functionality (CVE-2013-2099).

Updated packages

MBS1 x86_64

 563a17f7f5cb219760291c5266f2af4e  mbs1/x86_64/bzr-2.5.1-4.1.mbs1.x86_64.rpm 
 7503fdbb4f4fb3eb5d2ecc1e72676390  mbs1/SRPMS/bzr-2.5.1-4.1.mbs1.src.rpm

References