python2.5: CVE-2009-4134 CVE-2010-1449 CVE-2010-1450: rgbimg

Related Vulnerabilities: CVE-2009-4134   CVE-2010-1449   CVE-2010-1450  

Debian Bug report logs - #603162

Package: python2.5; Maintainer for python2.5 is (unknown);

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 11 Nov 2010 15:06:02 UTC

Severity: important

Tags: security

Fixed in version python2.5/2.5.5-11

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#603162; Package python2.5. (Thu, 11 Nov 2010 15:06:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to Matthias Klose <doko@debian.org>. (Thu, 11 Nov 2010 15:06:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python2.5: CVE-2009-4134 CVE-2010-1449 CVE-2010-1450: rgbimg
Date: Thu, 11 Nov 2010 16:02:16 +0100
Package: python2.5
Severity: important
Tags: security

This has been assigned CVE-2009-4134, CVE-2010-1449 and CVE-2010-1450
and only applies to Python 2.5 (it has been dropped from 2.6):
http://bugs.python.org/issue8678

Red Hat has a proposed patch (not yet merged in the 2.5 branch) in
the Bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=541698 

(The patch only applies after reverting the initial patch attempt
from http://svn.python.org/view/python/branches/release25-maint/Modules/rgbimgmodule.c?r1=60793&r2=60792 )

Since no one seems to actually use this module, we could just as well
drop it, I suppose.

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Sun, 28 Nov 2010 18:51:12 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sun, 28 Nov 2010 18:51:12 GMT)


Message #10 received at 603162-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 603162-close@bugs.debian.org
Subject: Bug#603162: fixed in python2.5 2.5.5-11
Date: Sun, 28 Nov 2010 18:49:49 +0000
Source: python2.5
Source-Version: 2.5.5-11

We believe that the bug you reported is fixed in the latest version of
python2.5, which is due to be installed in the Debian FTP archive:

idle-python2.5_2.5.5-11_all.deb
  to main/p/python2.5/idle-python2.5_2.5.5-11_all.deb
python2.5-dbg_2.5.5-11_amd64.deb
  to main/p/python2.5/python2.5-dbg_2.5.5-11_amd64.deb
python2.5-dev_2.5.5-11_amd64.deb
  to main/p/python2.5/python2.5-dev_2.5.5-11_amd64.deb
python2.5-doc_2.5.5-11_all.deb
  to main/p/python2.5/python2.5-doc_2.5.5-11_all.deb
python2.5-examples_2.5.5-11_all.deb
  to main/p/python2.5/python2.5-examples_2.5.5-11_all.deb
python2.5-minimal_2.5.5-11_amd64.deb
  to main/p/python2.5/python2.5-minimal_2.5.5-11_amd64.deb
python2.5_2.5.5-11.diff.gz
  to main/p/python2.5/python2.5_2.5.5-11.diff.gz
python2.5_2.5.5-11.dsc
  to main/p/python2.5/python2.5_2.5.5-11.dsc
python2.5_2.5.5-11_amd64.deb
  to main/p/python2.5/python2.5_2.5.5-11_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 603162@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated python2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 28 Nov 2010 17:30:47 +0100
Source: python2.5
Binary: python2.5 python2.5-minimal python2.5-examples python2.5-dev idle-python2.5 python2.5-dbg python2.5-doc
Architecture: source all amd64
Version: 2.5.5-11
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description: 
 idle-python2.5 - An IDE for Python (v2.5) using Tkinter
 python2.5  - An interactive high-level object-oriented language (version 2.5)
 python2.5-dbg - Debug Build of the Python Interpreter (version 2.5)
 python2.5-dev - Header files and a static library for Python (v2.5)
 python2.5-doc - Documentation for the high-level object-oriented language Python
 python2.5-examples - Examples for the Python language (v2.5)
 python2.5-minimal - A minimal subset of the Python language (version 2.5)
Closes: 603162
Changes: 
 python2.5 (2.5.5-11) unstable; urgency=low
 .
   * Fix multiple security issues in rgbimg module (CVE-2009-4134,
     CVE-2010-1449 CVE-2010-1450). Closes: #603162.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 09 Jun 2011 07:37:29 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:34:06 2019; Machine Name: buxtehude
