python3.4: CVE-2013-1753

Related Vulnerabilities: CVE-2013-1753   CVE-2013-1752  

Debian Bug report logs - #742927
python3.4: CVE-2013-1753


Reported by: Michael Gilbert <mgilbert@debian.org>

Date: Sat, 29 Mar 2014 01:57:02 UTC

Severity: important

Tags: help, security

Found in version python3.4/3.4.0-1

Fixed in version python3.4/3.4.2-4

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#742927; Package src:python3.4. (Sat, 29 Mar 2014 01:57:07 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
New Bug report received and forwarded. Copy sent to Matthias Klose <doko@debian.org>. (Sat, 29 Mar 2014 01:57:07 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python3.4: CVE-2013-1752 and CVE-2013-1753
Date: Fri, 28 Mar 2014 21:54:31 -0400
package: src:python3.4
severity: important
version: 3.4.0-1

Two security issues are currently present in python3.4:
https://security-tracker.debian.org/tracker/CVE-2013-1752
https://security-tracker.debian.org/tracker/CVE-2013-1753

Best wishes,
Mike



Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 29 Mar 2014 07:00:15 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742927; Package src:python3.4. (Mon, 05 May 2014 12:45:14 GMT) (full text, mbox, link).


Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. (Mon, 05 May 2014 12:45:14 GMT) (full text, mbox, link).


Message #12 received at 742927@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>
To: Michael Gilbert <mgilbert@debian.org>, 742927@bugs.debian.org
Subject: Re: Bug#742927: python3.4: CVE-2013-1752 and CVE-2013-1753
Date: Mon, 05 May 2014 14:41:23 +0200
Am 29.03.2014 02:54, schrieb Michael Gilbert:
> package: src:python3.4
> severity: important
> version: 3.4.0-1
> 
> Two security issues are currently present in python3.4:
> https://security-tracker.debian.org/tracker/CVE-2013-1752
> https://security-tracker.debian.org/tracker/CVE-2013-1753
> 
> Best wishes,
> Mike
> 




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742927; Package src:python3.4. (Mon, 05 May 2014 12:45:17 GMT) (full text, mbox, link).


Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. (Mon, 05 May 2014 12:45:17 GMT) (full text, mbox, link).


Message #17 received at 742927@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>
To: Michael Gilbert <mgilbert@debian.org>, 742927@bugs.debian.org
Subject: Re: Bug#742927: python3.4: CVE-2013-1752 and CVE-2013-1753
Date: Mon, 05 May 2014 14:42:15 +0200
Am 29.03.2014 02:54, schrieb Michael Gilbert:
> package: src:python3.4
> severity: important
> version: 3.4.0-1
> 
> Two security issues are currently present in python3.4:
> https://security-tracker.debian.org/tracker/CVE-2013-1752

I think you are wrong about this one.

> https://security-tracker.debian.org/tracker/CVE-2013-1753

Pending an upstream patch.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742927; Package src:python3.4. (Mon, 19 May 2014 11:36:05 GMT) (full text, mbox, link).


Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. (Mon, 19 May 2014 11:36:05 GMT) (full text, mbox, link).


Message #22 received at 742927@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>
To: 742927@bugs.debian.org
Subject: Re: Bug#742927: python3.4: CVE-2013-1752 and CVE-2013-1753
Date: Mon, 19 May 2014 13:31:38 +0200
Control: tags -1 + help moreinfo wontfix

no reply yet, and no upstream patch.



Added tag(s) help, moreinfo, and wontfix. Request was from Matthias Klose <doko@debian.org> to 742927-submit@bugs.debian.org. (Mon, 19 May 2014 11:36:05 GMT) (full text, mbox, link).


Reply sent to Moritz Mühlenhoff <jmm@inutil.org>:
You have taken responsibility. (Thu, 13 Nov 2014 18:36:20 GMT) (full text, mbox, link).


Notification sent to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer. (Thu, 13 Nov 2014 18:36:20 GMT) (full text, mbox, link).


Message #29 received at 742927-done@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Matthias Klose <doko@debian.org>
Cc: 742927-done@bugs.debian.org
Subject: Re: Bug#742927: python3.4: CVE-2013-1752 and CVE-2013-1753
Date: Thu, 13 Nov 2014 19:33:14 +0100
Version: 3.4.1-1

On Mon, May 19, 2014 at 01:31:38PM +0200, Matthias Klose wrote:
> Control: tags -1 + help moreinfo wontfix
> 
> no reply yet, and no upstream patch.

These are fixed in 3.4.1, so all fine for jessie.

Cheers,
        Moritz



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 12 Dec 2014 07:27:52 GMT) (full text, mbox, link).


Bug unarchived. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 21 Dec 2014 02:30:04 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#742927; Package src:python3.4. (Sun, 21 Dec 2014 02:39:05 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Sun, 21 Dec 2014 02:39:05 GMT) (full text, mbox, link).


Message #38 received at 742927@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: 742927@bugs.debian.org
Subject: Re: Bug#742927: python3.4: CVE-2013-1752 and CVE-2013-1753
Date: Sat, 20 Dec 2014 21:34:28 -0500
control: reopen -1
control: tag -1 -moreinfo, -wontfix
control: retitle -1 python3.4: CVE-2013-1753

On Mon, May 5, 2014 at 8:42 AM, Matthias Klose wrote:
> Am 29.03.2014 02:54, schrieb Michael Gilbert:
>> https://security-tracker.debian.org/tracker/CVE-2013-1753
>
> Pending an upstream patch.

Upstream completed fixes a couple weeks ago.  See:
http://bugs.python.org/issue16043

Best wishes,
Mike



Bug reopened. Request was from Michael Gilbert <mgilbert@debian.org> to 742927-submit@bugs.debian.org. (Sun, 21 Dec 2014 02:39:05 GMT) (full text, mbox, link).


No longer marked as fixed in versions 3.4.1-1. Request was from Michael Gilbert <mgilbert@debian.org> to 742927-submit@bugs.debian.org. (Sun, 21 Dec 2014 02:39:06 GMT) (full text, mbox, link).


Removed tag(s) moreinfo. Request was from Michael Gilbert <mgilbert@debian.org> to 742927-submit@bugs.debian.org. (Sun, 21 Dec 2014 02:39:06 GMT) (full text, mbox, link).


Removed tag(s) wontfix. Request was from Michael Gilbert <mgilbert@debian.org> to 742927-submit@bugs.debian.org. (Sun, 21 Dec 2014 02:39:07 GMT) (full text, mbox, link).


Changed Bug title to 'python3.4: CVE-2013-1753' from 'python3.4: CVE-2013-1752 and CVE-2013-1753'. Request was from Michael Gilbert <mgilbert@debian.org> to 742927-submit@bugs.debian.org. (Sun, 21 Dec 2014 02:39:08 GMT) (full text, mbox, link).


Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Sat, 27 Dec 2014 18:51:05 GMT) (full text, mbox, link).


Notification sent to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer. (Sat, 27 Dec 2014 18:51:05 GMT) (full text, mbox, link).


Message #53 received at 742927-close@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>
To: 742927-close@bugs.debian.org
Subject: Bug#742927: fixed in python3.4 3.4.2-4
Date: Sat, 27 Dec 2014 18:49:10 +0000
Source: python3.4
Source-Version: 3.4.2-4

We believe that the bug you reported is fixed in the latest version of
python3.4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742927@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated python3.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Dec 2014 12:23:33 +0100
Source: python3.4
Binary: python3.4 python3.4-venv libpython3.4-stdlib python3.4-minimal libpython3.4-minimal libpython3.4 python3.4-examples python3.4-dev libpython3.4-dev libpython3.4-testsuite idle-python3.4 python3.4-doc python3.4-dbg libpython3.4-dbg
Architecture: source all amd64
Version: 3.4.2-4
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 idle-python3.4 - IDE for Python (v3.4) using Tkinter
 libpython3.4 - Shared Python runtime library (version 3.4)
 libpython3.4-dbg - Debug Build of the Python Interpreter (version 3.4)
 libpython3.4-dev - Header files and a static library for Python (v3.4)
 libpython3.4-minimal - Minimal subset of the Python language (version 3.4)
 libpython3.4-stdlib - Interactive high-level object-oriented language (standard library
 libpython3.4-testsuite - Testsuite for the Python standard library (v3.4)
 python3.4  - Interactive high-level object-oriented language (version 3.4)
 python3.4-dbg - Debug Build of the Python Interpreter (version 3.4)
 python3.4-dev - Header files and a static library for Python (v3.4)
 python3.4-doc - Documentation for the high-level object-oriented language Python
 python3.4-examples - Examples for the Python language (v3.4)
 python3.4-minimal - Minimal subset of the Python language (version 3.4)
 python3.4-venv - Interactive high-level object-oriented language (pyvenv binary, v
Closes: 742927 772730
Changes:
 python3.4 (3.4.2-4) unstable; urgency=medium
 .
   * Fix issue #22935: Fix ssl module when SSLv3 protocol is not supported.
   * Fix issue #16043: Add a default limit for the amount of data
     xmlrpclib.gzip_decode will return. CVE-2013-1753. Closes: #742927.
   * Disable ensurepip for the system installation, only enable it for virtual
     environments. Closes: #772730.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 06 Jul 2015 07:26:42 GMT) (full text, mbox, link).
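
The limit named in the 3.4.2-4 changelog entry above (issue #16043, a cap on how much data `gzip_decode` will return), shown as an added example that is not part of this bug log or of the upstream patch. `MAX_DECODE`, `bounded_gzip_decode`, `stdlib_decode`, `demo` and the sample inputs are constructed for illustration; `xmlrpc.client.gzip_decode` with its `max_decode` parameter is the Python 3 standard-library function (`xmlrpclib` in Python 2).

```python
import gzip
import xmlrpc.client
import zlib

MAX_DECODE = 1024 * 1024  # assumed cap for this example (1 MiB)


def bounded_gzip_decode(data, max_decode=MAX_DECODE):
    """Inflate a gzip body but never produce more than max_decode bytes."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    try:
        # Request one byte over the cap so a body of exactly max_decode passes.
        out = inflater.decompress(data, max_decode + 1)
    except zlib.error as exc:
        raise ValueError("invalid gzip data") from exc
    if len(out) > max_decode:
        raise ValueError("decoded payload exceeds %d bytes" % max_decode)
    if not inflater.eof:
        raise ValueError("truncated gzip data")
    return out


def stdlib_decode(data):
    # Standard-library decoder with an explicit cap instead of its default.
    return xmlrpc.client.gzip_decode(data, max_decode=MAX_DECODE)


def demo():
    # Constructed inputs: a tiny request body and 10 MiB of zero bytes.
    small = gzip.compress(b"<methodCall/>")
    big = gzip.compress(b"\0" * (10 * MAX_DECODE))
    results = {"small": bounded_gzip_decode(small),
               "ratio": (10 * MAX_DECODE) // len(big)}
    for name, decode in (("own", bounded_gzip_decode), ("stdlib", stdlib_decode)):
        try:
            decode(big)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The `ratio` entry shows why the cap has to be on decoded size: the compressed body is a small fraction of the memory an unbounded decode would allocate.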




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:18:07 2019; Machine Name: buxtehude
