Ubuntu
python2.4 package

several vulnerabilities

Bug #227246 reported by disabled.user on 2008-05-06

262

	Status	Importance	Assigned to
python2.4 (Ubuntu)	Fix Released	Medium	Kees Cook
Dapper	Fix Released	Medium	Kees Cook
Feisty	Fix Released	Medium	Kees Cook
Gutsy	Fix Released	Medium	Kees Cook
Hardy	Fix Released	Medium	Kees Cook
python2.5 (Ubuntu)	Fix Released	Medium	Kees Cook
Dapper	Fix Released	Medium	Kees Cook
Feisty	Fix Released	Medium	Kees Cook
Gutsy	Fix Released	Medium	Kees Cook
Hardy	Fix Released	Medium	Kees Cook

Bug Description

Binary package hint: python2.4

References:
DSA 1551-1 (http://www.debian.org/security/2008/dsa-1551)

DSA 1551-1 covers CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721 and CVE-2008-1887.

According to changelogs, the following supported stable releases have some of those CVEs fixed:
- Dapper: CVE-2007-4965 and CVE-2007-2052
- Feisty: CVE-2007-4965
- Gutsy: CVE-2007-4965
- Hardy: CVE-2007-4965, CVE-2008-1679 and CVE-2008-1721

Okay, I'm confused. Could somebody please try to find out which release misses what patch for any of those CVEs?

CVE References

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-06-09:

http://www.ubuntu.com/usn/usn-585-1 fixed CVE-2007-2052 and CVE-2007-4965.

This leaves CVE-2008-1679 for Dapper-Gutsy, and CVE-2008-1721 and CVE-2008-1887 for Dapper-Intrepid.

Jamie Strandboge (jdstrand) on 2008-06-09

Changed in python2.4:
status:	New → Confirmed
status:	New → Confirmed
status:	New → Confirmed
status:	New → Confirmed

Revision history for this message

Matthias Klose (doko) wrote on 2008-06-25:

this is fixed in 2.4.5-1ubuntu4 in hardy and intrepid

Changed in python2.4:
status:	New → Fix Released
status:	Confirmed → Fix Released

Revision history for this message

Kees Cook (kees) wrote on 2008-08-01:

This has been published: http://www.ubuntu.com/usn/usn-632-1

Changed in python2.4:
assignee:	nobody → kees
importance:	Undecided → Medium
status:	Confirmed → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
status:	Confirmed → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
status:	Confirmed → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
Changed in python2.5:
assignee:	nobody → kees
importance:	Undecided → Medium
status:	New → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
status:	New → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
status:	New → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
status:	New → Fix Released
assignee:	nobody → kees
importance:	Undecided → Medium
status:	New → Fix Released
Changed in python2.4:
assignee:	nobody → kees
importance:	Undecided → Medium

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

Bug #223196

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupython2.4 package

several vulnerabilities

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
python2.4 package