Date: Wed, 05 Nov 2008 12:10:54 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...re.org>, Chris Evans <scarybeasts@...il.com> Cc: oss-security@...ts.openwall.com Subject: CVE Request - Python string expandtabs Hello! yesterday looked yet at the Python issues reported by Chris Evans at: http://scary.beasts.org/security/CESA-2008-008.html and found out, the issue: * Integer overflow in string expandtabs operation * PoC: s = 't\tt\t' str.expandtabs(s, 2147483647) still lacks its own separate CVE identifier. Different issue than CVE-2008-2315. Reasoning: ========= Integer overflows in stringobject.c and unicodeobject.c in Python 2.5.2 are part of CVE-2008-2315, but part of CVE-2008-2315 is also mention about patch: http://bugs.gentoo.org/attachment.cgi?id=159418&action=view which by itself is not sufficient to resolve this flaw. Upstream has applied the following patch: ========================================= http://svn.python.org/view?rev=61350&view=rev Have checked by above PoC that applying this patch solves this vulnerability. Affected Python versions: 2.2.3 <= x <= 2.5.1 ========================= Chris, can you confirm my investigation? Steve, could you allocate a new CVE id? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ