python 2.6.6 -> python 2.6.8

June 25th, 2012 - 03:50 am ET by Marc Haber
Hi,

a colleague pointed me to the release notes of python 2.6.8, where the
following security issues are listed as being fixed:

* oCERT-2011-003, CVE-2012-1150, hash collision denial of service
* CVE-2012-0876, pyexpat hash randomization
* CVE-2012-0845, SimpleXMLRPCServer denial of service
* CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module

The python 2.6.8+squeeze release that I have on my squeeze systems
doesn't mention any CVE numbers. Does this mean that those issues have
not been addressed (yet) in Debian? Is the security team working on
backporting those fixes?

Greetings
Marc

Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062


To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120625074908.GA17410@torres.zugschlus.de

Replies

#1 Marc Haber
June 25th, 2012 - 08:30 am ET
Hi Henri,

thanks for your explanation.

On Mon, Jun 25, 2012 at 02:45:57PM +0300, Henri Salo wrote:
On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote:
> a colleague pointed me to the release notes of python 2.6.8, where the
> following security issues are listed as being fixed:
>
> * oCERT-2011-003, CVE-2012-1150, hash collision denial of service



"[squeeze] - python2.6 <no-dsa> (Minor issue)" means that there will
be no DSA because the issue is so minor that the team decided not to
bother?

> * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module



python is not listed in
http://security-tracker.debian.org/...2011-3389, does that
mean that nobody has yet identified python as being affected? How can
python be added here?

Greetings
Marc
