Your message dated Wed, 12 Nov 2008 22:17:12 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504619: fixed in python2.5 2.5.2-12
has caused the Debian Bug report #504619,
regarding python2.5: CVE-2008-4864 multiple integer overflows in imageop module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504619
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: python2.5
Version: 2.5-5+etch1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python2.5.

CVE-2008-4864[0]:
| Multiple integer overflows in imageop.c in the imageop module in
| Python 1.5.2 through 2.5.1 allow context-dependent attackers to break
| out of the Python VM and execute arbitrary code via large integer
| values in certain arguments to the crop function, leading to a buffer
| overflow, a different vulnerability than CVE-2007-4965 and
| CVE-2008-1679.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Upstream patch: 
http://svn.python.org/view/python/trunk/Modules/imageop.c?p2=%2Fpython%2Ftrunk%2FModules%2Fimageop.c&p1=python%2Ftrunk%2FModules%2Fimageop.c&r1=66689&r2=66688&rev=66689&view=diff&diff_format=u

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
    http://security-tracker.debian.net/tracker/CVE-2008-4864

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
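
Added example, not part of the bug report and not the upstream patch: a C sketch of the argument validation whose absence the CVE text above describes, next to the wrapped size an unchecked 32-bit multiplication would produce. The function names, the restriction to pixel sizes of 1, 2 or 4 bytes, and the sample dimensions are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: validate the output geometry of a crop-style call.
 * Returns 1 and stores the required byte count in *out when the request
 * is sane; returns 0 when an argument is out of range or the product
 * newx * newy * size cannot be represented in an int. */
int crop_output_size(int newx, int newy, int size, size_t *out)
{
    if (size != 1 && size != 2 && size != 4)   /* assumed pixel sizes */
        return 0;
    if (newx <= 0 || newy <= 0)
        return 0;
    /* Compare against INT_MAX by division, so the overflowing
     * product is never computed. */
    if (newx > INT_MAX / newy)
        return 0;
    if (newx * newy > INT_MAX / size)
        return 0;
    *out = (size_t)newx * (size_t)newy * (size_t)size;
    return 1;
}

/* What the same expression yields without a check: unsigned 32-bit
 * arithmetic wraps modulo 2^32, so a huge request can look small.
 * A buffer allocated with this value is far smaller than the loop
 * that fills it expects. */
uint32_t unchecked_size32(int newx, int newy, int size)
{
    return (uint32_t)newx * (uint32_t)newy * (uint32_t)size;
}

int main(void)
{
    size_t need = 0;
    /* Constructed sample: 65537 x 65536 pixels of 4 bytes is about
     * 16 GiB, yet the wrapped 32-bit product is only 262144. */
    printf("wrapped size: %u\n", (unsigned)unchecked_size32(65537, 65536, 4));
    printf("checked: %s\n",
           crop_output_size(65537, 65536, 4, &need) ? "accepted" : "rejected");
    if (crop_output_size(640, 480, 4, &need))
        printf("640x480x4 needs %zu bytes\n", need);
    return 0;
}
```
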
--- Begin Message ---
Source: python2.5
Source-Version: 2.5.2-12

We believe that the bug you reported is fixed in the latest version of
python2.5, which is due to be installed in the Debian FTP archive:

idle-python2.5_2.5.2-12_all.deb
  to pool/main/p/python2.5/idle-python2.5_2.5.2-12_all.deb
python2.5-dbg_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5-dbg_2.5.2-12_i386.deb
python2.5-dev_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5-dev_2.5.2-12_i386.deb
python2.5-examples_2.5.2-12_all.deb
  to pool/main/p/python2.5/python2.5-examples_2.5.2-12_all.deb
python2.5-minimal_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5-minimal_2.5.2-12_i386.deb
python2.5_2.5.2-12.diff.gz
  to pool/main/p/python2.5/python2.5_2.5.2-12.diff.gz
python2.5_2.5.2-12.dsc
  to pool/main/p/python2.5/python2.5_2.5.2-12.dsc
python2.5_2.5.2-12_i386.deb
  to pool/main/p/python2.5/python2.5_2.5.2-12_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated python2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 12 Nov 2008 21:49:03 +0100
Source: python2.5
Binary: python2.5 python2.5-minimal python2.5-examples python2.5-dev idle-python2.5 python2.5-dbg
Architecture: source all i386
Version: 2.5.2-12
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <[EMAIL PROTECTED]>
Changed-By: Matthias Klose <[EMAIL PROTECTED]>
Description: 
 idle-python2.5 - An IDE for Python (v2.5) using Tkinter
 python2.5  - An interactive high-level object-oriented language (version 2.5)
 python2.5-dbg - Debug Build of the Python Interpreter (version 2.5)
 python2.5-dev - Header files and a static library for Python (v2.5)
 python2.5-examples - Examples for the Python language (v2.5)
 python2.5-minimal - A minimal subset of the Python language (version 2.5)
Closes: 504619
Changes: 
 python2.5 (2.5.2-12) unstable; urgency=low
 .
   * Fix CVE-2008-4864, imageop did not validate arguments correctly
     and could segfault as a result. Closes: #504619.
   * Fix build failures of the _ctypes module on arm, armel, m68k, reverting
     the change to fix upstream issue #2682.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkbUJgACgkQStlRaw+TLJykHACeMjtlDEBENp8rH2CXPrkIm8Bd
0iAAnAuhz+LOGxvEFYsfRq0ks7RJbI5q
=ASvM
-----END PGP SIGNATURE-----



--- End Message ---
