Your message dated Sun, 3 Jul 2016 11:22:15 +0200
with message-id <[email protected]>
and subject line closing bugs reported against ancient python versions
has caused the Debian Bug report #671588,
regarding python3: CVE-2012-2135 utf-16 decoder
unicode_decode_call_errorhandler aligned_end is not updated
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
671588: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671588
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3
Version: 3.2.3~rc1-2
Severity: important
Tags: security
From: http://seclists.org/oss-sec/2012/q2/183
Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler
aligned_end is not updated
does not appear to affect Python 2.x
memory leak/crashes/etc.
http://bugs.python.org/issue14579
Author: Serhiy Storchaka (storchaka) Date: 2012-04-14 18:46
In the utf-16 decoder after calling unicode_decode_call_errorhandler
aligned_end is not updated. This may potentially cause data leaks,
memory damage, and crash. The bug introduced by implementation of the
issue #4868. In a similar situation in the utf-8 decoder aligned_end
is updated.
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages python3 depends on:
ii python3-minimal 3.1.3-12+squeeze1 minimal subset of the Python langu
ii python3.1 3.1.3-1 An interactive high-level object-o
python3 recommends no packages.
Versions of packages python3 suggests:
pn python3-doc <none> (no description available)
pn python3-profiler <none> (no description available)
pn python3-tk <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
This bug has been reported against an ancient version of
python (2.5/3.1), that was last released with Debian 6.0 (squeeze). But
even squeeze-lts has now reached end-of-life and is no longer supported.
The bug is assumed to be fixed (or no longer relevant) in newer python
releases and therefore I'm closing this report now. If the problem is
still reproducible in the currently supported versions (python2.7,
python3.5/python3.6), feel free to provide more information, reopen
and reassign this bug report.
Andreas
--- End Message ---
