Description:
Piotr Engelking has reported a security issue in Python, which can be exploited by malicious people to disclose potentially sensitive information.
The security issue is caused due to an off-by-one error within the "PyLocale_strxfrm()" function in Modules/_localemodule.c, which can be exploited to disclose certain parts of the memory.
The security issue is reported in Python 2.4 and 2.5. Other versions may also be affected.
Solution: Update to version 2.5.1.
Provided and/or discovered by: Piotr Engelking
Original Advisory:
Python: http://www.python.org/download/releases/2.5.1/NEWS.txt
Debian Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
Reproducible: Always
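The advisory does not show the faulty code. As an added illustration (not Python's source and not part of the original report), the following C sketch shows how strxfrm() output has to be sized, which is the boundary an off-by-one of this kind gets wrong. The helper names xfrm_fits and xfrm_alloc are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical predicate: did strxfrm() output fit in cap bytes?
 * The return value excludes the terminating NUL, so need == cap does NOT fit. */
static int xfrm_fits(size_t need, size_t cap)
{
    return need < cap;
}

/* Hypothetical helper: malloc'd, NUL-terminated strxfrm() of s, starting
 * from an initial capacity guess. Returns NULL on allocation failure. */
char *xfrm_alloc(const char *s, size_t cap)
{
    if (cap == 0)
        cap = 1;
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;

    size_t need = strxfrm(buf, s, cap);
    if (!xfrm_fits(need, cap)) {
        /* buf is indeterminate here. Growing to need (not need + 1), or
         * testing need > cap, leaves no room for the terminator, and a later
         * string read continues into adjacent heap memory. */
        char *bigger = realloc(buf, need + 1);
        if (bigger == NULL) {
            free(buf);
            return NULL;
        }
        buf = bigger;
        strxfrm(buf, s, need + 1);
    }
    return buf;
}

int main(void)
{
    /* Constructed input; capacity 2 forces the grow path. */
    char *t = xfrm_alloc("hello", 2);
    if (t == NULL)
        return 1;
    printf("%s\n", t);
    free(t);
    return 0;
}
```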
python please advise and bump as necessary.
(In reply to comment #1)
> python please advise and bump as necessary.

Patched in 2.4.4-r4. 2.5 will still be masked a couple weeks but 2.5.1 is unaffected.
arches - please test
target keywords are alpha, amd64, arm, hppa, ia64, mips, ppc, ppc64, s390, sparc, x86
ia64 + x86 stable
Btw this needs python-updater stable also, kloeri said it's okay.
target ebuild is dev-lang/python-2.4.4-r4
ppc64 stable
CBUILD="hppa2.0-unknown-linux-gnu" appears not to equal CHOST="hppa2.0-unknown-linux-gnu" according to tc-is-cross-compiler, so FEATURES=test was skipped, sadly. Stable for HPPA anyhow.
sparc stable.
(In reply to comment #7)
> CBUILD="hppa2.0-unknown-linux-gnu" appears not to equal
> CHOST="hppa2.0-unknown-linux-gnu" according to tc-is-cross-compiler, so
> FEATURES=test was skipped, sadly.
>
> Stable for HPPA anyhow.

The problem with skipping tests is fixed now.
Alpha and Mips stable.
amd64 done.
ppc stable
thanks for providing/testing guys
Calling a vote, according to the policy. I vote "no" because of the very hard exploitation and very low impact.
Voting NO and closing. Feel free to reopen if you disagree.