oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request - Python imageop

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 29 Oct 2008 11:28:33 +0100
Hello Steve,

  could you please assign a new CVE id for the following
Python imageop integer / buffer overflow. Advisory
and PoC at:

http://scary.beasts.org/security/CESA-2008-008.html

(The other issues from this link were addressed within
the mega "[vendor-sec] Multiple python vulnerabilities
(CVE-2008-2315, CVE-2008-2316)" thread.)

Proposed patch:
against trunk: http://svn.python.org/view?rev=66689&view=rev
against release-25maint: http://svn.python.org/view?rev=66690&view=rev

Affected Python versions: 1.5.2 through 2.5.1

This issue different one from CVE-2007-4965 and CVE-2008-1679.

Thanks!

--
Jan iankko Lieskovsky / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: