VDB
GCVE-110-MAGEIA-2015-91
GCVE-110-MAGEIA-2015-91
Advisory Published
Updated python packages fix security vulnerability:
When Python's standard library HTTP clients (httplib, urllib, urllib2,
xmlrpclib) are used to access resources with HTTPS, by default the certificate
is not checked against any trust store, nor is the hostname in the certificate
checked against the requested host. It was possible to configure a trust root
to be checked against, however there were no faculties for hostname checking
(CVE-2014-9365).
Note that this issue also affects python3, and is fixed upstream in version
3.4.3, but the fix was considered too intrusive to backport to Python3 3.3.x.
No update for the python3 package for this issue is planned at this time.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Cloudflare | access | — | — |
| Cloudflare | stream | — | — |
| Mageia | python | 2.7.9-1.mga4 (unaffected), 0 (affected), 0 (affected), 2.7.9-1.mga4 (unaffected) | — |
| AWS | config | — | — |
| Mageia | lightdm | 0 (affected), 1.14.2-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,044 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.