230589 – dev-lang/python Multiple vulnerabilities (CVE-2008-2315, CVE-2008-2316)

Bug 230589 - dev-lang/python Multiple vulnerabilities (CVE-2008-2315, CVE-2008-2316)

Summary: dev-lang/python Multiple vulnerabilities (CVE-2008-2315, CVE-2008-2316)

Status:	RESOLVED DUPLICATE of bug 230640

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-07-02 23:42 UTC by Robert Buchholz (RETIRED)
Modified:	2009-03-18 19:17 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-07-02 23:42:57 UTC

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

David Remahl of Apple Product Security reported:
CVE-2008-2315: Multiple integer overflows in python core  
    (stringobject, unicodeobject, bufferobject, longobject, tupleobject,  
    stropmodule, gcmodule, mmapmodule)
CVE-2008-2316: Partial hashlib hashing of data exceeding 4GB  
    (_hashopenssl)

Patches will come later.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-07-03 16:12:57 UTC

vorlon, please search :-)

*** This bug has been marked as a duplicate of bug 230640 ***