Bug 12127 - python new readline() DoS security issues (was CVE-2013-1752)
Summary: python new readline() DoS security issues (was CVE-2013-1752)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Philippe Makowski
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/590908/
Whiteboard: MGA3TOO
Keywords:
Depends on: 12772 13041
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-27 18:27 CET by David Walser
Modified: 2014-03-24 12:29 CET (History)
0 users

See Also:
Source RPM: python-2.7.5-11.mga4.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-12-27 18:27:21 CET 
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1046174
http://openwall.com/lists/oss-security/2013/12/23/10

Because these issues have been fixed or will be fixed in multiple different versions of python, CVE-2013-1752 has been rejected and new CVEs will be assigned.  Some of the issues are fixed in python 2.7.6, some will be in a later release.

Reproducible: 

Steps to Reproduce:
David Walser 2013-12-27 18:27:37 CET

Assignee: bugsquad => makowski.mageia
Whiteboard: (none) => MGA3TOO

Comment 1 Philippe Makowski 2014-02-08 11:05:45 CET 
Since today no other distro updated Python 2.7.5 to 2.7.6 and since the situation is not clear yet and that not all issues are fixed in 2.7.6, I will wait, unless someone have a better idea.
By the way, fwang updated Python to 2.7.6 in Cauldron
David Walser 2014-02-16 17:50:36 CET

Depends on: (none) => 12772

David Walser 2014-03-18 17:53:36 CET

URL: (none) => http://lwn.net/Vulnerabilities/590908/

David Walser 2014-03-20 13:12:43 CET

Depends on: (none) => 13041

Comment 2 David Walser 2014-03-24 12:29:20 CET 
All better now :o)

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.