CVE-2011-1521: information disclosure

Related Vulnerabilities: CVE-2011-1521  

Debian Bug report logs - #628453

Package: python3.1; Maintainer for python3.1 is (unknown);

Reported by: Steffen Joeris <white@debian.org>

Date: Sun, 29 May 2011 03:42:01 UTC

Severity: grave

Tags: security

Fixed in version 3.1.3-1+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#628453; Package python3.1. (Sun, 29 May 2011 03:42:04 GMT).


Acknowledgement sent to Steffen Joeris <white@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Sun, 29 May 2011 03:42:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <white@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-1521: information disclosure
Date: Sun, 29 May 2011 13:40:27 +1000
Package: python3.1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python3.1.

CVE-2011-1521[0]:
| The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x
| before 3.2.1 process Location headers that specify redirection to
| file: URLs, which makes it easier for remote attackers to obtain
| sensitive information or cause a denial of service (resource
| consumption) via a crafted URL, as demonstrated by the
| file:///etc/passwd and file:///dev/zero URLs.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers,
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
    http://security-tracker.debian.org/tracker/CVE-2011-1521

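The redirect-scheme check that the CVE description above calls for, as an added example that is not part of the bug report or of Python's own code: a urllib redirect handler that resolves the Location value and refuses any target outside an allow-list. The names `resolve_redirect`, `UnsafeRedirect`, `SchemeCheckingRedirectHandler`, `build_checked_opener` and the http/https-only policy are assumptions made for this illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumed policy for this example: redirects may only lead to web URLs.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


class UnsafeRedirect(ValueError):
    """A Location header pointed at a scheme outside the allowed set."""


def resolve_redirect(request_url, location):
    """Resolve a Location value against the request URL and vet its scheme.

    Returns the absolute target, or raises UnsafeRedirect for targets such
    as the file: URLs named in the CVE description.
    """
    target = urljoin(request_url, location.strip())
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise UnsafeRedirect("refusing redirect to %r URL: %s" % (scheme, target))
    return target


class SchemeCheckingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Redirect handler that vets every target before it is followed."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            target = resolve_redirect(req.full_url, newurl)
        except UnsafeRedirect as exc:
            # Surface the refusal as the HTTP error the caller already handles.
            raise urllib.error.HTTPError(req.full_url, code, str(exc), headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, target)


def build_checked_opener():
    """Opener whose redirects all pass through resolve_redirect()."""
    return urllib.request.build_opener(SchemeCheckingRedirectHandler)
```

Code that fetches untrusted URLs would call `build_checked_opener().open(url)` in place of `urllib.request.urlopen(url)`.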




Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Mon, 30 May 2011 22:12:29 GMT).


Notification sent to Steffen Joeris <white@debian.org>:
Bug acknowledged by developer. (Mon, 30 May 2011 22:12:30 GMT).


Message #10 received at 628453-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 585281-done@bugs.debian.org,604187-done@bugs.debian.org,605184-done@bugs.debian.org,605186-done@bugs.debian.org,605363-done@bugs.debian.org,621461-done@bugs.debian.org,622010-done@bugs.debian.org,628453-done@bugs.debian.org,
Cc: python3.1@packages.debian.org, python3.1@packages.qa.debian.org
Subject: Bug#628504: Removed package(s) from unstable
Date: Mon, 30 May 2011 22:10:29 +0000
Version: 3.1.3-1+rm

Dear submitter,

as the package python3.1 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/628504

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 28 Jun 2011 07:35:12 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:56:13 2019; Machine Name: beach
