Bug 12127

Summary: python new readline() DoS security issues (was CVE-2013-1752)
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Philippe Makowski <makowski.mageia>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/590908/
Whiteboard: MGA3TOO
Source RPM: python-2.7.5-11.mga4.src.rpm
CVE:
Status comment:
Bug Depends on: 12772, 13041    
Bug Blocks:    

Description David Walser 2013-12-27 18:27:21 CET
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1046174
http://openwall.com/lists/oss-security/2013/12/23/10

Because these issues have been fixed or will be fixed in multiple different versions of python, CVE-2013-1752 has been rejected and new CVEs will be assigned.  Some of the issues are fixed in python 2.7.6, some will be in a later release.

Reproducible: 

Steps to Reproduce:
David Walser 2013-12-27 18:27:37 CET

Assignee: bugsquad => makowski.mageia
Whiteboard: (none) => MGA3TOO

Comment 1 Philippe Makowski 2014-02-08 11:05:45 CET
As of today, no other distro has updated Python 2.7.5 to 2.7.6, and since the situation is not clear yet and not all issues are fixed in 2.7.6, I will wait, unless someone has a better idea.
By the way, fwang updated Python to 2.7.6 in Cauldron.
David Walser 2014-02-16 17:50:36 CET

Depends on: (none) => 12772

David Walser 2014-03-18 17:53:36 CET

URL: (none) => http://lwn.net/Vulnerabilities/590908/

David Walser 2014-03-20 13:12:43 CET

Depends on: (none) => 13041

Comment 2 David Walser 2014-03-24 12:29:20 CET
All better now :o)

Status: NEW => RESOLVED
Resolution: (none) => FIXED