PYSEC-2014-115
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/portage/PYSEC-2014-115.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2014-115
- Withdrawn
- 2024-11-22T04:37:05Z
- Published
- 2014-09-29T22:55:00Z
- Modified
- 2025-10-09T05:21:02.298971Z
- Summary
- [none]
- Details
-
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
- References
Affected packages
PyPI / portage
Package
- Name
- portage
- View open source insights on deps.dev
- Purl
- pkg:pypi/portage
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.29
3.0.30
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.0.38
3.0.38.1
3.0.39
3.0.40
3.0.41
3.0.42
3.0.43
3.0.44
3.0.45
3.0.45.1
3.0.45.2
3.0.45.3
3.0.46
3.0.47
3.0.48
3.0.48.1
3.0.49
3.0.50
3.0.51
3.0.52
3.0.54
3.0.55
3.0.56
3.0.57
3.0.58
3.0.59
3.0.60
3.0.61
3.0.62
3.0.63
3.0.64
3.0.65
3.0.66
3.0.66.1
3.0.67
3.0.68
3.0.69
3.0.69.1