Date: Mon, 27 Oct 2008 17:22:44 +0100
From: Jan Lieskovsky <>
Subject: CVE request -- Python imageop#3

Hello Steve,

  could you please allocate a new CVE id for the
following Python integer / buffer overflow in imageop module -
from commit log:

"fix security issue 2: imageop's poor validation of arguments could
result in segfaults"

Proposed patch:
against trunk:
against release-25maint:

Affected Python versions: 1.5.2 through 2.5.1

This issue is yet a different one than the two previous Python imageop
related security issues (CVE-2007-4965 and CVE-2008-1679):

CVE-2007-4965 (imageop module heap overflow / corruption / infinite loop)
its patch against trunk:
its patch against release-25maint:

CVE-2008-1679 (imageop integer overflow - incomplete fix of CVE-2007-4965)
The patch for this issue has been included upstream in CVE-2008-4965.patch.

Thanks, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
