CVE-2013-2098: Denial of service when matching certificate with many '*' wildcard characters
Submitting this bug upstream from Fedora.
CVE number CVE-2013-2098 has been assigned by the Red Hat Security Response Team.
A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match_hostname() function from Python 3.2 to users of earlier versions of Python, performed matching of the certificate's name in the case it contained many '' wildcard characters. A remote attacker, able to obtain valid certificate  with its name containing a lot of '*' wildcard characters, could use this flaw to cause denial of service (excessive CPU time consumption) by issuing request to validate that certificate for / in an application using the python-backports-ssl_match_hostname functionality.
Upstream bug report (now has a patch, not committed yet): http://bugs.python.org/issue17980
Red Hat Bugzilla tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=963260