CVE-2010-1634 and CVE-2010-2089

Related Vulnerabilities: CVE-2010-1634, CVE-2010-2089

Debian Bug report logs - #599739
CVE-2010-1634 and CVE-2010-2089


Package: python2.5; Maintainer for python2.5 is (unknown);

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 10 Oct 2010 17:33:02 UTC

Severity: grave

Tags: security

Fixed in version python2.5/2.5.5-9

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#599739; Package python2.5. (Sun, 10 Oct 2010 17:33:05 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Sun, 10 Oct 2010 17:33:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-1634 and CVE-2010-2089
Date: Sun, 10 Oct 2010 19:28:58 +0200
Package: python2.5
Severity: grave
Tags: security

CVE-2010-1634 and CVE-2010-2089 are fixed in the other Python packages
in Squeeze, but still unfixed for python2.5.

Patch attached.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages python2.5 depends on:
ii  libbz2-1.0                1.0.5-4        high-quality block-sorting file co
ii  libc6                     2.11.2-2       Embedded GNU C Library: Shared lib
pn  libdb4.5                  <none>         (no description available)
ii  libncursesw5              5.7+20100313-2 shared libraries for terminal hand
ii  libreadline6              6.1-3          GNU readline and history libraries
ii  libsqlite3-0              3.7.0.1-1      SQLite 3 shared library
ii  libssl0.9.8               0.9.8o-1       SSL shared libraries
ii  mime-support              3.48-1         MIME files 'mime.types' & 'mailcap
pn  python2.5-minimal         <none>         (no description available)

python2.5 recommends no packages.

Versions of packages python2.5 suggests:
pn  python-profiler               <none>     (no description available)
pn  python2.5-doc                 <none>     (no description available)
[py25-CVE-2010-1634_2089.patch (text/x-c, attachment)]

Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Sat, 16 Oct 2010 14:39:09 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 16 Oct 2010 14:39:09 GMT).


Message #10 received at 599739-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 599739-close@bugs.debian.org
Subject: Bug#599739: fixed in python2.5 2.5.5-9
Date: Sat, 16 Oct 2010 14:34:24 +0000
Source: python2.5
Source-Version: 2.5.5-9

We believe that the bug you reported is fixed in the latest version of
python2.5, which is due to be installed in the Debian FTP archive:

idle-python2.5_2.5.5-9_all.deb
  to main/p/python2.5/idle-python2.5_2.5.5-9_all.deb
python2.5-dbg_2.5.5-9_i386.deb
  to main/p/python2.5/python2.5-dbg_2.5.5-9_i386.deb
python2.5-dev_2.5.5-9_i386.deb
  to main/p/python2.5/python2.5-dev_2.5.5-9_i386.deb
python2.5-doc_2.5.5-9_all.deb
  to main/p/python2.5/python2.5-doc_2.5.5-9_all.deb
python2.5-examples_2.5.5-9_all.deb
  to main/p/python2.5/python2.5-examples_2.5.5-9_all.deb
python2.5-minimal_2.5.5-9_i386.deb
  to main/p/python2.5/python2.5-minimal_2.5.5-9_i386.deb
python2.5_2.5.5-9.diff.gz
  to main/p/python2.5/python2.5_2.5.5-9.diff.gz
python2.5_2.5.5-9.dsc
  to main/p/python2.5/python2.5_2.5.5-9.dsc
python2.5_2.5.5-9_i386.deb
  to main/p/python2.5/python2.5_2.5.5-9_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 599739@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated python2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 Oct 2010 13:09:09 +0200
Source: python2.5
Binary: python2.5 python2.5-minimal python2.5-examples python2.5-dev idle-python2.5 python2.5-dbg python2.5-doc
Architecture: source all i386
Version: 2.5.5-9
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description: 
 idle-python2.5 - An IDE for Python (v2.5) using Tkinter
 python2.5  - An interactive high-level object-oriented language (version 2.5)
 python2.5-dbg - Debug Build of the Python Interpreter (version 2.5)
 python2.5-dev - Header files and a static library for Python (v2.5)
 python2.5-doc - Documentation for the high-level object-oriented language Python
 python2.5-examples - Examples for the Python language (v2.5)
 python2.5-minimal - A minimal subset of the Python language (version 2.5)
Closes: 527455 599739
Changes: 
 python2.5 (2.5.5-9) unstable; urgency=low
 .
   * Lib/locale.py: Update locale aliases from the py3k branch.
   * Add copyright information for expat, libffi and zlib. Addresses: #596276.
   * Apply fixes for CVE-2010-1634 and CVE-2010-2089. Closes: #599739.
   * Build using Berkeley DB 4.8 (Julien Cristau). Closes: #527455.
   * Disable more tests on the buildds on hppa, mips and mipsel.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAky5qgAACgkQStlRaw+TLJyjtgCeIO7aXpXkbOPrPy8vw3owU+VZ
dH4Ani0pYJ3Q7Z+U+I91A85r5T33Y6Nc
=XzOT
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 15 Nov 2010 07:32:24 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:01:38 2019; Machine Name: beach
