
Bug 246991 (CVE-2008-5031)

Summary: <dev-lang/python-2.5.4 multiple integer overflows (stringobject.c/unicodeobject.c) (CVE-2008-5031)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: python
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://svn.python.org/view?rev=61350&view=rev
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 252317    
Bug Blocks:    

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-15 22:34:39 UTC
CVE-2008-5031 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5031):
  Multiple integer overflows in Python 2.5.2 allow context-dependent
  attackers to have an unknown impact via a large integer value in the
  tabsize argument to the expandtabs method, as implemented by (1) the
  string_expandtabs function in Objects/stringobject.c and (2) the
  unicode_expandtabs function in Objects/unicodeobject.c.  NOTE: this
  vulnerability reportedly exists because of an incomplete fix for
  CVE-2008-2315.
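Added example, not part of the bug report and not CPython's code: a simplified C version of the output-length calculation an expandtabs-style routine performs, showing where a large tabsize can push the running column past the signed maximum and how a check before each addition rejects it. The function name `expanded_len` and the use of `long` as the signed size type are assumptions made for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not CPython code: computes how many bytes the
 * tab-expanded form of s[0..n) needs. Returns 0 and stores the size in
 * *out, or -1 if the size does not fit in a signed long. */
int expanded_len(const char *s, size_t n, long tabsize, long *out)
{
    long total = 0;   /* bytes in lines already completed */
    long col = 0;     /* column within the current line */

    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\t') {
            if (tabsize > 0) {
                long incr = tabsize - (col % tabsize);
                if (col > LONG_MAX - incr)    /* col + incr would overflow */
                    return -1;
                col += incr;
            }                                 /* tabsize <= 0 drops the tab */
        } else {
            if (col == LONG_MAX)              /* col + 1 would overflow */
                return -1;
            col++;
            if (s[i] == '\n' || s[i] == '\r') {
                if (total > LONG_MAX - col)   /* total + col would overflow */
                    return -1;
                total += col;
                col = 0;
            }
        }
    }
    if (total > LONG_MAX - col)
        return -1;
    *out = total + col;
    return 0;
}

int main(void)
{
    const char sample[] = "a\tb\tc";          /* constructed input */
    long len = 0;
    int rc = expanded_len(sample, 5, 8, &len);
    printf("tabsize 8: rc=%d len=%ld\n", rc, len);
    rc = expanded_len(sample, 5, LONG_MAX, &len);
    printf("tabsize LONG_MAX: rc=%d\n", rc);
    return 0;
}
```

Without the three comparisons against `LONG_MAX`, the same additions would overflow a signed integer, and a buffer sized from the result would not match the data later written into it.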
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 16:25:41 UTC
Python: *ping*
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-01-13 18:20:19 UTC
python herd, please apply the release-2.5-maint fixes.
Comment 4 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-05-18 15:11:25 UTC
It is fixed in 2.5.4. 2.5.4-r2 is stable on all architectures.
Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-05-28 15:43:30 UTC
2.4.6 is now also stable on all architectures.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2009-07-10 13:25:37 UTC
glsa request filed
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2009-07-19 18:14:25 UTC
GLSA 200907-16