CVE-2013-2099

Name	CVE-2013-2099
Description	Algorithmic complexity vulnerability in the ssl.match_hostname functio ...
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1107-1
Debian Bugs	708530, 709066, 709067, 709068, 709069, 709070, 709071, 709486

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
bzr (PTS)	bookworm, bullseye, trixie	2.7.0+bzr6622+brz	fixed
linkchecker (PTS)	bullseye	10.0.1-2	fixed
	bookworm	10.2.1-1	fixed
	trixie	10.5.0-1	fixed
	forky, sid	10.6.0-2	fixed
python-tornado (PTS)	bullseye	6.1.0-1	fixed
	bullseye (security)	6.1.0-1+deb11u4	fixed
	bookworm	6.2.0-3+deb12u2	fixed
	bookworm (security)	6.2.0-3+deb12u4	fixed
	trixie	6.4.2-3	fixed
	trixie (security)	6.4.2-3+deb13u2	fixed
	forky, sid	6.5.5-1	fixed
python-urllib3 (PTS)	bullseye	1.26.5-1~exp1	fixed
	bullseye (security)	1.26.5-1~exp1+deb11u3	fixed
	bookworm	1.26.12-1+deb12u1	fixed
	bookworm (security)	1.26.12-1+deb12u3	fixed
	trixie (security), trixie	2.3.0-3+deb13u1	fixed
	forky, sid	2.6.3-2	fixed
python2.7 (PTS)	bullseye	2.7.18-8+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
bzr	source	wheezy	2.6.0~bzr6526-1+deb7u1		DLA-1107-1
bzr	source	(unstable)	2.6.0~bzr6574-1	low		709068
linkchecker	source	(unstable)	8.5-1	low		709067
python-tornado	source	(unstable)	2.4.1-3	low		709069
python-urllib3	source	(unstable)	1.6-2	low		709070
python2.5	source	(unstable)	(not affected)
python2.6	source	(unstable)	(not affected)
python2.7	source	wheezy	(not affected)
python2.7	source	(unstable)	2.7.5-5	low		709066
python3.1	source	(unstable)	(not affected)
python3.2	source	(unstable)	(unfixed)	low		708530
python3.3	source	(unstable)	3.3.2-3	low		708530
u1db	source	(unstable)	13.10-1	low		709486
w3af	source	(unstable)	(unfixed)	low		709071

Notes

[wheezy] - python2.7 <not-affected> (Backport was introduced in 2.7.3-11)
[wheezy] - linkchecker <no-dsa> (Minor issue)
[squeeze] - linkchecker <no-dsa> (Minor issue)
[wheezy] - python3.2 <no-dsa> (Minor issue)
- python2.6 <not-affected> (Introduced in Python 3.2)
- python2.5 <not-affected> (Introduced in Python 3.2)
- python3.1 <not-affected> (Introduced in Python 3.2)
[squeeze] - bzr <no-dsa> (Minor issue)
[wheezy] - python-urllib3 <no-dsa> (Minor issue)
[wheezy] - python-tornado <no-dsa> (Minor issue)
[squeeze] - python-tornado <no-dsa> (Minor issue)
[jessie] - w3af <no-dsa> (Minor issue)
[wheezy] - w3af <no-dsa> (Minor issue)
[squeeze] - w3af <no-dsa> (Minor issue)