Query regarding python 2.7.11 release
Gaurav Rastogi -X (garastog - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)
garastog at cisco.com
Thu Apr 14 02:43:46 EDT 2016
Hi,
We are currently using Python 2.6.7 in our product.
We have received the below vulnerabilities from the field:
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to
obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVE-2013-1752
python: multiple unbound readline() DoS flaws in python stdlib
CVE-2014-1912
python: buffer overflow in socket.recvfrom_into()
CVE-2014-4650
It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths.
A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.
Currently I can see that 2.7.11 is the latest release as per the below link:
https://www.python.org/downloads/
Could you please suggest if the above-mentioned vulnerabilities are resolved in the latest release?
Regards
Gaurav