{"id":"MGASA-2013-0250","summary":"Updated python packages fix CVE-2013-4238 and pip","details":"Updated python packages fix security vulnerability:\n\nRyan Sleevi of the Google Chrome Security Team has discovered that Python's SSL\nmodule doesn't handle NULL bytes inside subjectAltNames general names. This\ncould lead to a breach when an application uses ssl.match_hostname() to match\nthe hostname againt the certificate's subjectAltName's dNSName general names.\n(CVE-2013-4238).\n\nAdditionally, an issue with installing Python packages with C extensions via\npip and virtualenv has been fixed in Mageia 3 (mga#10102).\n","modified":"2026-04-16T06:22:29.917997185Z","published":"2013-08-17T08:43:24Z","upstream":["CVE-2013-4238"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0250.html"},{"type":"REPORT","url":"http://bugs.python.org/issue18709"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10102"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10989"}],"affected":[{"package":{"name":"python","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.3-2.4.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0250.json"}},{"package":{"name":"python","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-1.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0250.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}