CVE-2008-5031 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5031): Multiple integer overflows in Python 2.5.2 allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
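Added example (not CPython's code and not the patch linked in this bug): an overflow-checked computation of the tab-expanded length, the kind of size calculation the CVE text above describes going wrong. The helper `expanded_len`, its `size_t` parameters and the `PTRDIFF_MAX` cap (standing in for the maximum of a signed size type) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length of s after tab expansion, or -1 if it would exceed PTRDIFF_MAX.
 * Hypothetical helper: every addition is checked before it is performed. */
static int expanded_len(const char *s, size_t n, size_t tabsize, size_t *out)
{
    const size_t limit = (size_t)PTRDIFF_MAX;
    size_t total = 0; /* length of the lines completed so far */
    size_t col = 0;   /* column within the current line */

    for (size_t k = 0; k < n; k++) {
        size_t incr = 1;
        if (s[k] == '\t') {
            if (tabsize == 0)
                continue;                      /* tabs are dropped */
            incr = tabsize - (col % tabsize);  /* pad to next tab stop */
        }
        if (incr > limit - col)                /* col + incr would overflow */
            return -1;
        col += incr;
        if (s[k] == '\n' || s[k] == '\r') {
            if (col > limit - total)           /* total + col would overflow */
                return -1;
            total += col;
            col = 0;
        }
    }
    if (col > limit - total)
        return -1;
    *out = total + col;
    return 0;
}

int main(void)
{
    size_t len = 0;
    const char text[] = "a\tb\n\tc";           /* constructed sample input */
    if (expanded_len(text, sizeof text - 1, 8, &len) == 0)
        printf("expanded length: %zu\n", len);
    /* Two tabs with a huge tabsize: the sum no longer fits. */
    if (expanded_len("\t\t", 2, (size_t)PTRDIFF_MAX, &len) != 0)
        puts("rejected: result too large");
    return 0;
}
```

The caller allocates the output buffer only after this function returns 0, so a wrapped length can never be used as an allocation size.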
Python: *ping*
Here are the fixes:
http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c
http://svn.python.org/view?rev=61350&view=rev
Python herd, please apply the release-2.5-maint fixes.
It is fixed in 2.5.4. 2.5.4-r2 is stable on all architectures.
2.4.6 is now also stable on all architectures.
GLSA request filed.
GLSA 200907-16