Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 246991 (CVE-2008-5031) - <dev-lang/python-2.5.4 multiple integer overflows (stringobject.c/unicodeobject.c) (CVE-2008-5031)
Summary: <dev-lang/python-2.5.4 multiple integer overflows (stringobject.c/unicodeobje...
Status: RESOLVED FIXED
Alias: CVE-2008-5031
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://svn.python.org/view?rev=61350&...
Whiteboard: A3 [glsa]
Keywords:
Depends on: 252317
Blocks:
  Show dependency tree
 
Reported: 2008-11-15 22:34 UTC by Stefan Behte (RETIRED)
Modified: 2009-07-19 18:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-15 22:34:39 UTC
CVE-2008-5031 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5031):
  Multiple integer overflows in Python 2.5.2 allow context-dependent
  attackers to have an unknown impact via a large integer value in the
  tabsize argument to the expandtabs method, as implemented by (1) the
  string_expandtabs function in Objects/stringobject.c and (2) the
  unicode_expandtabs function in Objects/unicodeobject.c.  NOTE: this
  vulnerability reportedly exists because of an incomplete fix for
  CVE-2008-2315.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 16:25:41 UTC
Python: *ping*
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-01-13 18:20:19 UTC
pytho herd, please apply the release-2.5-maint fixes.
Comment 4 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-05-18 15:11:25 UTC
It is fixed in 2.5.4. 2.5.4-r2 is stable on all architectures.
Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-05-28 15:43:30 UTC
2.4.6 is now also stable on all architectures.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2009-07-10 13:25:37 UTC
glsa request filed
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2009-07-19 18:14:25 UTC
GLSA 200907-16