Python security issue #16039, #16041 and #16042 looks not be fixed on Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due to unlimited readline() from connection)

Bug #1351180 reported by Takenori MATSUMOTO on 2014-08-01
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python2.7 (Ubuntu)
Low
Unassigned
Trusty
Low
Unassigned

Bug Description

I found that below Python security issues may not be yet fixed on Python 2.7.6 bundled with 14.04LTS. It looks those patches are already applied to Python 3.4 on 14.04LTS. It looks those patches are not included in upstream souce codes on both 2.7.6 and latest 2.7 version (2.7.8).

http://bugs.python.org/issue16039
http://bugs.python.org/issue16041
http://bugs.python.org/issue16042

CVE References

information type: Private Security → Public Security
Jamie Strandboge (jdstrand) wrote :

This is CVE-2013-1752 which is rated as having a 'Low' priority. It should be fixed in a future python update.

Changed in python2.7 (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Matthias Klose (doko) wrote :

fixed for 15.04 / vivid

Changed in python2.7 (Ubuntu):
status: Triaged → Fix Released
Changed in python2.7 (Ubuntu Trusty):
importance: Undecided → Low
status: New → Triaged
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers