| Summary: | dev-lang/python "PyLocale_strxfrm()" Off-By-One Information Disclosure (CVE-2007-2052) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | python |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/25190/ | | |
| Whiteboard: | A4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Lars Hartmann
2007-05-09 14:40:43 UTC
python please advise and bump as necessary.

(In reply to comment #1)
> python please advise and bump as necessary.
>

Patched in 2.4.4-r4. 2.5 will still be masked a couple weeks but 2.5.1 is unaffected.

arches - please test
target keywords are alpha, amd64, arm, hppa, ia64, mips, ppc, ppc64, s390, sparc, x86

ia64 + x86 stable

Btw this needs python-updater stable also, kloeri said it's okay.

target ebuild is dev-lang/python-2.4.4-r4

ppc64 stable

CBUILD="hppa2.0-unknown-linux-gnu" appears not to equal CHOST="hppa2.0-unknown-linux-gnu" according to tc-is-cross-compiler, so FEATURES=test was skipped, sadly.

Stable for HPPA anyhow.

sparc stable.

(In reply to comment #7)
> CBUILD="hppa2.0-unknown-linux-gnu" appears not to equal
> CHOST="hppa2.0-unknown-linux-gnu" according to tc-is-cross-compiler, so
> FEATURES=test was skipped, sadly.
>
> Stable for HPPA anyhow.
>

The problem with skipping tests is fixed now.

Alpha and Mips stable.

amd64 done.

ppc stable

thanks for providing/testing guys

Calling a vote, according to the policy. I vote "no" because of the very hard exploitation and very low impact.

Voting NO and closing. Feel free to reopen if you disagree.