Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 05 Nov 2008 12:10:54 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>,
        Chris Evans <>
Subject: CVE Request - Python string expandtabs


  yesterday looked yet at the Python issues reported
by Chris Evans at:

and found out, the issue:

* Integer overflow in string expandtabs operation

*  PoC: s = 't\tt\t'
        str.expandtabs(s, 2147483647)

  still lacks its own separate CVE identifier.

  Different issue than CVE-2008-2315.


  Integer overflows in stringobject.c and unicodeobject.c 
  in Python 2.5.2 are part of CVE-2008-2315, but
  part of CVE-2008-2315 is also mention about patch:

  which by itself is not sufficient to resolve this flaw.

  Upstream has applied the following patch:

  Have checked by above PoC that applying this patch
  solves this vulnerability.

  Affected Python versions: 2.2.3 <= x <= 2.5.1

Chris, can you confirm my investigation?

Steve, could you allocate a new CVE id?

Thanks, Jan.

Jan iankko Lieskovsky / Red Hat Security Response Team  

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ