Date: Mon, 27 Oct 2008 17:22:44 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com, coley@...re.org Subject: CVE request -- Python imageop#3 Hello Steve, could you please allocate a new CVE id for the following Python integer / buffer overflow in imageop module - from commit log: "fix security issue 2: imageop's poor validation of arguments could result in segfaults" Proposed patch: against trunk: http://svn.python.org/view?rev=66689&view=rev against release-25maint: http://svn.python.org/view?rev=66690&view=rev Affected Python versions: 1.5.2 through 2.5.1 This issue yet different one, than two previous Python imageop related security issues (CVE-2007-4965 and CVE-2008-1679): CVE-2007-4965 imageop module heap overflow / corruption / infinite loop) its patch against trunk: http://svn.python.org/view?rev=65880&view=rev its patch against release-25maint: http://svn.python.org/view?rev=65878&view=rev CVE-2008-1679 (imageop integer overflow -incomplete fix of CVE-2007-4965) advisory: https://issues.rpath.com/browse/RPL-2424 patch: http://bugs.python.org/file9975/python-2.5-int-overflow-2.patch The patch for this issue has been in upstream included into CVE-2008-4965.patch. Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ