Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 29 Oct 2008 11:28:33 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE Request - Python imageop

Hello Steve,

  could you please assign a new CVE id for the following
Python imageop integer / buffer overflow. Advisory
and PoC at:

http://scary.beasts.org/security/CESA-2008-008.html

(The other issues from this link were addressed within
the mega "[vendor-sec] Multiple python vulnerabilities
(CVE-2008-2315, CVE-2008-2316)" thread.)

Proposed patch:
against trunk: http://svn.python.org/view?rev=66689&view=rev
against release-25maint: http://svn.python.org/view?rev=66690&view=rev

Affected Python versions: 1.5.2 through 2.5.1

This issue different one from CVE-2007-4965 and CVE-2008-1679.

Thanks!

--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ