Summary: | dev-python/mod_python CAN-2005-0088 XML flaw |
---|---|
Product: | Gentoo Security |
Component: | Vulnerabilities |
Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED |
Severity: | normal |
Priority: | High |
CC: | davin, pquerna, python |
Version: | unspecified |
Hardware: | All |
OS: | All |
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0168.html |
Whiteboard: | A4? [glsaupdate] jaervosz |
Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-01-30 11:02:38 UTC
POC given but not included on this bug.

Created attachment 50028
publisher.diff
Updated patch.

Created attachment 50803
publisher-2.diff
Better patch

This is public now. Python please provide an updated ebuild.

Created attachment 51011
mod_python-3.1.3.ebuild

Patched 3.1.3 and bumped it to 3.1.3-r1, added both to CVS

This one is ready for GLSA.

*** This bug has been marked as a duplicate of 81827 ***

Re-opening - again, so so sorry people. :/

*** Bug 81827 has been marked as a duplicate of this bug. ***

GLSA 200502-14

*** Bug 83074 has been marked as a duplicate of this bug. ***

Reopening after a 3/4 year ... Someone please mark mod_python-2.7.11 stable on x86 as it suffers the same vulnerability and all apache1 users need this one to be secure. We might have to update the glsa later, not sure atm.

Stabled 2.7.11 on x86.

I think this one needs a GLSA update

Updated in GLSAmaker, awaiting review.

Looks OK except Resolution should read :

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-python/mod_python

Fixed in GLSAmaker without version bump.

OK for me, clear to go.

Committed. Thx Stefan.