{"id":"MGASA-2015-0091","summary":"Updated python packages fix CVE-2014-9365","details":"Updated python packages fix security vulnerability:\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2,\nxmlrpclib) are used to access resources with HTTPS, by default the certificate\nis not checked against any trust store, nor is the hostname in the certificate\nchecked against the requested host. It was possible to configure a trust root\nto be checked against, however there were no faculties for hostname checking\n(CVE-2014-9365).\n\nNote that this issue also affects python3, and is fixed upstream in version\n3.4.3, but the fix was considered too intrusive to backport to Python3 3.3.x.\nNo update for the python3 package for this issue is planned at this time.\n","modified":"2026-04-16T01:46:43.771437386Z","published":"2015-03-05T19:34:09Z","upstream":["CVE-2014-9365"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0091.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14780"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1173041"}],"affected":[{"package":{"name":"python","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.9-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0091.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}