Ubuntu
python2.7 package

Python security issue #14621 (Hash function is not randomized properly)

Bug #1351224 reported by Takenori MATSUMOTO on 2014-08-01

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python2.7 (Ubuntu)	Won't Fix	Low	Unassigned

Bug Description

Due to an incomplete fix for CVE-2012-1150, other CVE-2012-1150 [1] is reported. The following [2] is corresponding bug report in Python upstream.
I'm not 100% sure, but this vulnerability may affect to both Python 2.7 and 3.3 bundled with Ubuntu 14.04LTS.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7040
[2] http://bugs.python.org/issue14621

CVE References

2013-7040

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-08-08:

Thank you for using Ubuntu and reporting a bug. We will not be issuing a security update for this issue. Please see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7040.html for details.

information type:	Private Security → Public Security
Changed in python2.7 (Ubuntu):
importance:	Undecided → Low
status:	New → Won't Fix

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupython2.7 package