Package: python2.6 Version: 2.6.6-10 Severity: grave Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for python2.6. CVE-2011-1521[0]: | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x | before 3.2.1 process Location headers that specify redirection to | file: URLs, which makes it easier for remote attackers to obtain | sensitive information or cause a denial of service (resource | consumption) via a crafted URL, as demonstrated by the | file:///etc/passwd and file:///dev/zero URLs. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers, Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 http://security-tracker.debian.org/tracker/CVE-2011-1521 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk3hwLAACgkQ62zWxYk/rQedQwCgmgzdKyhBbg2rBhuHe6gCKbTn 0ewAoLcJiQX1EeYJp/z9K3I9LhuSUUgr =2Nq9 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
