Bug 873908
Summary: | CVE-2011-5241 php-pear-Service-Twitter: does not verify that a server hostname matches a domain name in the CN or subjectAltName field of X.509 certs [epel-6] | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Vincent Danen <vdanen> |
Component: | php-pear-Services-Twitter | Assignee: | Remi Collet <fedora> |
Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | el6 | CC: | fedora, pj.pandit |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | fst_owner=pjp | ||
Fixed In Version: | Doc Type: | Release Note | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-30 15:23:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 873906 |
Description
Vincent Danen
2012-11-06 23:06:20 UTC
Please use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. Please also ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=873906,873908 -> https://bugzilla.redhat.com/show_bug.cgi?id=873906#c1 From above comment it seems the issue is unrelated to the php-pear-Services-Twitter package, it does not support ssl_verify_peer over SSL -> https://github.com/pear/Services_Twitter/blob/trunk/Services/Twitter.php#L489 Could this bug be closed if it's not going to be fixed? Hello Remi, you plan to fix it? This package is mostly dead upstream... So I need to check I can fix it myself, and if it still work. Hello Remi, (In reply to Remi Collet from comment #4) > This package is mostly dead upstream... > So I need to check I can fix it myself, and if it still work. Well, in that case IMO, best course is to retire the package and close any bugs against it. Please see: -> https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life Thank you. Hello Remi, Did you have chance to look at it? Please close this bug if no action pending. Thank you. This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version, you are encouraged to change the 'version' to a later version prior this bug is closed as described in the policy above. EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of EPEL please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |