Summary: | <dev-lang/python-{2.7.7,3.2.5-r5,3.3.5-r1}: _json module is vulnerable to arbitrary process memory read (CVE-2014-4616) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | python, sudormrfhalt
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://seclists.org/oss-sec/2014/q2/613 | |
Whiteboard: | A3 [glsa] | |
Package list: | | Runtime testing required: | ---
Attachments: | | |

Description
Kristian Fiskerstrand (RETIRED)
2014-06-23 14:04:13 UTC
Upstream commits (taken from upstream tracker):

2.7: http://hg.python.org/cpython/rev/50c07ed1743d
3.1: http://hg.python.org/cpython/rev/a8facac493ef
3.2: http://hg.python.org/lookup/b9913eb96643
3.3: http://hg.python.org/lookup/4f15bd1ab28f
3.4: http://hg.python.org/lookup/7b95540ced5c
3.5: http://hg.python.org/lookup/3a414c709f1f

Created attachment 381670
CVE-2014-4616-json-bounds-check.patch

Cleanup done. Thanks.

Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201503-10 at https://security.gentoo.org/glsa/201503-10 by GLSA coordinator Kristian Fiskerstrand (K_F).