Query regarding python 2.7.11 release

Michael Selik michael.selik at gmail.com
Fri Apr 29 14:23:21 EDT 2016


From searching bugs.python.org, I see that issues referencing CVE-2014-7185,
 CVE-2013-1752, and CVE-2014-1912 have all been marked as closed. I don't
see any issues referencing CVE-2014-4650 via Python's bug tracker, but did
spot it on Red Hat's. It appears to be related to issue 21766 (
http://bugs.python.org/issue21766) which has been marked closed, fixed.

So, yes, looks like they're all fixed.

On Thu, Apr 14, 2016 at 3:26 AM Gaurav Rastogi -X (garastog - ARICENT
TECHNOLOGIES MAURIITIUS LIMITED at Cisco) <garastog at cisco.com> wrote:

> Hi,
>
> We are currently using Python 2.6.7 in our product.
> We have received below vulnerabilities from field:
>
> CVE-2014-7185
>
> Integer overflow in bufferobject.c in Python before 2.7.8 allows
> context-dependent attackers to
> obtain sensitive information from process memory via a large size and
> offset in a "buffer" function.
>
> CVE-2013-1752
>
> python: multiple unbound readline() DoS flaws in python stdlib
>
> CVE-2014-1912
>
> python: buffer overflow in socket.recvfrom_into()
>
> CVE-2014-4650
>
> It was discovered that the CGIHTTPServer module incorrectly handled URL
> encoded paths.
> A remote attacker could use this flaw to execute scripts outside of the
> cgi-bin directory, or disclose source of scripts in the cgi-bin directory
>
>
> Currently I can see the 2.7.11 is the latest release as per the below link:
> https://www.python.org/downloads/
>
> Could you please suggest if the above mentioned vulnerabilities are
> resolved in the latest release?
>
> Regards
> Gaurav
> --
> https://mail.python.org/mailman/listinfo/python-list
>
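As an added defender-side illustration of the path-handling class the quoted message describes for CVE-2014-4650 (this is example code written for this page, not code from the thread or from CPython's CGIHTTPServer): the check below decodes a request path once, normalises it, and only then tests that it still lies inside a CGI directory. The directory list, the helper names and the sample request paths are constructed for the example; the code is Python 3.

```python
import posixpath
from urllib.parse import unquote

# Constructed for this example: the directories a server is willing to run CGI
# scripts from. CPython's CGIHTTPServer keeps its own list; this is not it.
CGI_DIRECTORIES = ("/cgi-bin", "/htbin")


def is_cgi_path(url_path):
    """Return True only if the decoded *and* normalised path lies inside one of
    CGI_DIRECTORIES.

    Order matters: the prefix check runs on the decoded, normalised path.
    Checking the raw request path first would let a percent-encoded separator
    or dot segment ("%2f", "%2e%2e") pass the check and later decode to a
    location outside the CGI directory, which is the kind of mishandling the
    thread describes for CVE-2014-4650.
    """
    # Query string and fragment are not part of the filesystem path.
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    # Decode exactly once, matching how a server decodes the path it serves;
    # a server that decoded twice would need this check to decode twice too.
    decoded = unquote(path)
    # Collapse "." and ".." segments and repeated slashes.
    normalized = posixpath.normpath(decoded)
    if not normalized.startswith("/"):
        return False
    for directory in CGI_DIRECTORIES:
        # Require a real child of the directory: "/cgi-bin/x", not "/cgi-bin"
        # itself and not a sibling sharing the prefix such as "/cgi-bin2/x".
        if normalized.startswith(directory + "/") and len(normalized) > len(directory) + 1:
            return True
    return False


def classify(paths):
    """Map each request path to whether it would be accepted as a CGI script."""
    return {p: is_cgi_path(p) for p in paths}


if __name__ == "__main__":
    # Constructed sample request paths, not taken from any real traffic.
    samples = [
        "/cgi-bin/test.py",
        "/cgi-bin/sub/script.cgi?id=1",
        "/cgi-bin/%2e%2e/outside.py",
        "/cgi-bin%2f..%2foutside.py",
        "/cgi-bin2/test.py",
        "/cgi-bin/",
        "cgi-bin/test.py",
    ]
    for path, ok in classify(samples).items():
        print("%-35s %s" % (path, "accept" if ok else "reject"))
```

The same decode-then-normalise-then-check order applies to any server that maps URL paths onto a directory, not only to CGI handlers; what changes is the list of allowed roots.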
