Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#8284 - Security bug in python 2.5.1
Attached to Project:
Arch Linux
Opened by Hussam Al-Tayeb (hussam) - Wednesday, 10 October 2007, 15:15 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 14 October 2007, 19:10 GMT
Details

The following link describes a multiple integer overflow bug in python 2.5.1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965

A fix is available here:
http://bugs.python.org/file8450/python-2.5.CVE-2007-4965-int-overflow.patch

Note that we have python in both extra and testing, so both would need to be patched. This might be achieved by putting a patched python 2.5.1-1.1 update in extra and a 2.5.1-4 in testing.
Comment by Hussam Al-Tayeb (hussam) -
Sunday, 14 October 2007, 00:52 GMT
python 2.5.1-3 moved to extra so this means only one rebuild with the fix is needed.
Comment by Andreas Radke (AndyRTR) -
Sunday, 14 October 2007, 19:10 GMT
http://mail.python.org/pipermail/python-dev/2007-October/074896.html - according to this and that the sec bug seems to be not so important to get announced on sec lists, I think we can delay this and wait for a new release.