Your message dated Wed, 12 Nov 2008 22:17:12 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504619: fixed in python2.5 2.5.2-12
has caused the Debian Bug report #504619,
regarding python2.5: CVE-2008-4864 multiple integer overflows in imageop module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
504619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504619
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pyton2.5
Version: 2.5-5+etch1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python2.5.

CVE-2008-4864[0]:
| Multiple integer overflows in imageop.c in the imageop module in
| Python 1.5.2 through 2.5.1 allow context-dependent attackers to break
| out of the Python VM and execute arbitrary code via large integer
| values in certain arguments to the crop function, leading to a buffer
| overflow, a different vulnerability than CVE-2007-4965 and
| CVE-2008-1679.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Upstream patch:
http://svn.python.org/view/python/trunk/Modules/imageop.c?p2=%2Fpython%2Ftrunk%2FModules%2Fimageop.c&p1=python%2Ftrunk%2FModules%2Fimageop.c&r1=66689&r2=66688&rev=66689&view=diff&diff_format=u

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
    http://security-tracker.debian.net/tracker/CVE-2008-4864

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
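
The failure mode the CVE text describes, a size computed from caller-supplied dimensions wrapping before it is compared with the buffer length, shown beside an overflow-safe check. This is an added illustration, not code from the upstream patch or the Debian package: the function names are hypothetical, the 1/2/4-byte pixel sizes follow the imageop module, and the output dimensions (|x1-x0|+1 by |y1-y0|+1) are an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helpers for illustration; not the upstream imageop.c code. */

/* Unsafe pattern: the expected length is computed in 32-bit arithmetic, so
 * psize * width * height can wrap and "match" a much smaller buffer.
 * uint32_t is used so the wrap is well defined in this demo. */
int length_matches_naive(size_t buf_len, uint32_t psize,
                         uint32_t width, uint32_t height)
{
    uint32_t expected = psize * width * height;   /* wraps modulo 2^32 */
    return buf_len == expected;
}

/* Hardened pattern: reject bad pixel sizes and non-positive dimensions,
 * then confirm the product by dividing instead of multiplying. */
int length_matches_checked(size_t buf_len, int psize, int width, int height)
{
    if (psize != 1 && psize != 2 && psize != 4)
        return 0;
    if (width <= 0 || height <= 0)
        return 0;
    if (buf_len % (size_t)psize != 0)
        return 0;
    size_t pixels = buf_len / (size_t)psize;
    if (pixels % (size_t)width != 0)
        return 0;
    return pixels / (size_t)width == (size_t)height;
}

/* Output size for a crop rectangle (corners may be mirrored). Differences
 * are taken in 64 bits and the result is capped at INT32_MAX bytes.
 * Assumed dimensions: |x1-x0|+1 by |y1-y0|+1. Returns 0 on rejection. */
int crop_output_size(int psize, int x0, int y0, int x1, int y1, size_t *out)
{
    int64_t w = (int64_t)x1 - x0, h = (int64_t)y1 - y0;
    if (psize != 1 && psize != 2 && psize != 4)
        return 0;
    uint64_t uw = (uint64_t)(w < 0 ? -w : w) + 1;
    uint64_t uh = (uint64_t)(h < 0 ? -h : h) + 1;
    uint64_t limit = (uint64_t)INT32_MAX / (uint64_t)psize;
    if (uw > limit || uh > limit / uw)
        return 0;
    *out = (size_t)(uw * uh * (uint64_t)psize);
    return 1;
}
```
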
--- Begin Message ---
Source: python2.5
Source-Version: 2.5.2-12

We believe that the bug you reported is fixed in the latest version of
python2.5, which is due to be installed in the Debian FTP archive:

idle-python2.5_2.5.2-12_all.deb
  to pool/main/p/python2.5/idle-python2.5_2.5.2-12_all.deb
python2.5-dbg_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5-dbg_2.5.2-12_i386.deb
python2.5-dev_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5-dev_2.5.2-12_i386.deb
python2.5-examples_2.5.2-12_all.deb
  to pool/main/p/python2.5/python2.5-examples_2.5.2-12_all.deb
python2.5-minimal_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5-minimal_2.5.2-12_i386.deb
python2.5_2.5.2-12.diff.gz
  to pool/main/p/python2.5/python2.5_2.5.2-12.diff.gz
python2.5_2.5.2-12.dsc
  to pool/main/p/python2.5/python2.5_2.5.2-12.dsc
python2.5_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5_2.5.2-12_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated python2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Wed, 12 Nov 2008 21:49:03 +0100
Source: python2.5
Binary: python2.5 python2.5-minimal python2.5-examples python2.5-dev idle-python2.5 python2.5-dbg
Architecture: source all i386
Version: 2.5.2-12
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <[EMAIL PROTECTED]>
Changed-By: Matthias Klose <[EMAIL PROTECTED]>
Description:
 idle-python2.5 - An IDE for Python (v2.5) using Tkinter
 python2.5 - An interactive high-level object-oriented language (version 2.5)
 python2.5-dbg - Debug Build of the Python Interpreter (version 2.5)
 python2.5-dev - Header files and a static library for Python (v2.5)
 python2.5-examples - Examples for the Python language (v2.5)
 python2.5-minimal - A minimal subset of the Python language (version 2.5)
Closes: 504619
Changes:
 python2.5 (2.5.2-12) unstable; urgency=low
 .
   * Fix CVE-2008-4864, imageop did not validate arguments correctly and could
     segfault as a result. Closes: #504619.
   * Fix build failures of the _ctypes module on arm, armel, m68k, reverting
     the change to fix upstream issue #2682.
--- End Message ---