From ${URL} : It was reported [1] that Python 2.7.8 fixes a potential wraparound in buffer() with possible CWE-200 implications. Though the request says "Python 2.7", vulnerable code appears to exist in EOL'd versions 1.6.1 through 2.6.9 as well PoC: --- overflow.py --- import sys a = bytearray('here be dragons') b = buffer(a, sys.maxsize, sys.maxsize) print b[:8192] ------------------- Upstream fix is in [2] [1]: http://seclists.org/oss-sec/2014/q3/638 [2]: https://hg.python.org/cpython/diff/8d963c7db507/Objects/bufferobject.c @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Wouldn't this be covered by the python-2.7.8 ebuild already in the tree?
(In reply to Mike Gilbert from comment #1) > Wouldn't this be covered by the python-2.7.8 ebuild already in the tree? yes
Please proceed with stabilization then.
stabilizing <dev-lang/python-2.7.9-r1 as part of bug 532232
CVE-2014-7185 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185): Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
This issue was resolved and addressed in GLSA 201503-10 at https://security.gentoo.org/glsa/201503-10 by GLSA coordinator Kristian Fiskerstrand (K_F).
