Comment 1 Stefan Behte (RETIRED) 2010-09-03 20:46:43 UTC

Not sure if it's still relevant...

Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2010-09-03 21:02:40 UTC

rgbimg module is available only on 32-bit architectures.

Comment 3 Stefan Behte (RETIRED) 2010-09-03 21:47:49 UTC

CVE-2010-1449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1449):
  Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5
  allows remote attackers to have an unspecified impact via a large
  image that triggers a buffer overflow.  NOTE: this vulnerability
  exists because of an incomplete fix for CVE-2008-3143.12.

CVE-2010-1450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1450):
  Multiple buffer overflows in the RLE decoder in the rgbimg module in
  Python 2.5 allow remote attackers to have an unspecified impact via
  an image file containing crafted data that triggers improper
  processing within the (1) longimagedata or (2) expandrow function.

Comment 4 Tim Sammut (RETIRED) 2011-01-19 03:43:31 UTC

Looking at $URL... @python, any chance you can confirm this is python2.5 only? Thanks!

Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2011-01-19 13:21:39 UTC

(In reply to comment #4)

http://docs.python.org/whatsnew/2.6.html#deprecations-and-removals
"The rgbimg module has been removed."

Comment 6 Tim Sammut (RETIRED) 2011-01-20 07:27:47 UTC

(In reply to comment #5)
> (In reply to comment #4)
> 
> http://docs.python.org/whatsnew/2.6.html#deprecations-and-removals
> "The rgbimg module has been removed."
> 

Ok, thank you.

GLSA Vote: yes.

Comment 7 Stefan Behte (RETIRED) 2011-10-08 22:46:07 UTC

Vote: NO.

Comment 8 Tobias Heinlein (RETIRED) 2011-10-08 22:49:02 UTC

GLSA vote: NO, closing [noglsa].