Python sources apparently include their own (affected) copy of the libpcre
library. See bug 103337 for details on the vulnerability.
If possible, it might be a good idea to make Python build against the system
libpcre rather than using the internal copy.
CCing maintainers for advice.
"In python, the impact depends on the particular application that uses
python's "re" (regular expression) module. In python server
applications that process unchecked arbitrary regular expressions with
the "re" module, this could potentially be exploited to remotely
execute arbitrary code with the privileges of the server."
Let's hope kloeri recovers fast, I would hate having to mask Python.
python-2.3.5-r2 added to the tree with pcre patch from Ubuntu included. Python
2.4 isn't affected by this bug as it doesn't include its own pcre version.
Arches please test and mark stable.
Already stable on these arches, removing from CC
Sorry for the spam... forgot to click the "remove" button...
stable on ppc64
Sparc looks good, removing cc.
stable on sh
Stable on ppc and hppa.
amd64 stable, sorry for the delay
mips should mark stable to benefit from GLSA