Versions: 2.2 all versions, 2.3 prior to 2.3.5, 2.4
CVE Names: CAN-2005-0089
The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers using only register_function() are not affected.
Steps to Reproduce:
Python team: please bump and/or apply patches...
*** Bug 80094 has been marked as a duplicate of this bug. ***
I've patched and bumped all affected versions in CVS. I beleive you can close this now.
No stable marking needed as keywords were conserved by maintainer.
Ready for GLSA, fixed versions seem to be :
*** Bug 80597 has been marked as a duplicate of this bug. ***