Mandriva Linux Security Advisory 2013-214 – Ryan Sleevi of the Google Chrome Security Team has discovered that Python’s SSL module doesn’t handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate’s subjectAltName’s dNSName general names…. Mandriva Linux Security Advisory 2013-214 – Ryan Sleevi of the Google Chrome Security Team has discovered that Python’s SSL module doesn’t handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate’s subjectAltName’s dNSName general names.

Read more http://packetstormsecurity.com/files/122886/MDVSA-2013-214.txt