Summary: | <dev-lang/python-2.7.15: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c (CVE-2018-1000030) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Dimitris Nakos (sokan) <sokan> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | maracay, mgorny, python |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.python.org/issue31530 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | dev-lang/python-2.7.15 |
Runtime testing required: | --- |
Deadline: | 2018-09-22 |
Description
Dimitris Nakos (sokan)
2018-02-16 15:20:50 UTC
@Maintainers we seem to be affected by this CVE, please confirm if that's the case. Thank you

This seems to still be vulnerable, reference SUSE ticket cherry pick patch comments:

> This issue is fixed by upstream patch 6401e5671781eb217ee1afb4603cc0d1b0367ae6.
> Since that solution had unintended side-effects, another commit was added on top of it in dbf52e02f18dac6f5f0a64f78932f3dc6efc056b.

https://bugzilla.novell.com/show_bug.cgi?id=1079300#c2

Commits:
https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6
https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b

@ maintainer(s): can we start stabilization of =dev-lang/python-2.7.15?

Sure. Arch teams, please proceed.

arm64 stable

amd64 stable

x86 stable

Stable on alpha.

arm stable

hppa stable

ppc stable

ppc64 stable

sparc done.

s390/sh/m68k stable

ia64 stable

GLSA filed

Michael Boyle
Gentoo Security Padawan

This issue was resolved and addressed in GLSA 201811-02 at https://security.gentoo.org/glsa/201811-02 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.

@ Maintainer(s): Please cleanup and drop <dev-lang/python-2.7.15!

cleanup on aisle #6...