
FS#8284 - Security bug in python 2.5.1

Attached to Project: Arch Linux
Opened by Hussam Al-Tayeb (hussam) - Wednesday, 10 October 2007, 15:15 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 14 October 2007, 19:10 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Jason Chu (jason), Andreas Radke (AndyRTR)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version: 2007.08-2
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

The following link describes a multiple integer overflow bug in python 2.5.1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965

A fix is available here http://bugs.python.org/file8450/python-2.5.CVE-2007-4965-int-overflow.patch

Note that we have python in both extra and testing so both would need to be patched.
This might be achieved by putting a patched python 2.5.1-1.1 update in extra and a 2.5.1-4 in testing.

Closed by Andreas Radke (AndyRTR) - Sunday, 14 October 2007, 19:10 GMT
Reason for closing: Deferred
Comment by Hussam Al-Tayeb (hussam) - Sunday, 14 October 2007, 00:52 GMT
python 2.5.1-3 moved to extra so this means only one rebuild with the fix is needed.

Comment by Andreas Radke (AndyRTR) - Sunday, 14 October 2007, 19:10 GMT
http://mail.python.org/pipermail/python-dev/2007-October/074896.html - according to this and that the sec bug seems to be not so important to get announced on sec lists, I think we can delay this and wait for a new release.
