Package: python2.5
Version: 2.5-5+etch1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python2.5.

CVE-2008-4864[0]:
| Multiple integer overflows in imageop.c in the imageop module in
| Python 1.5.2 through 2.5.1 allow context-dependent attackers to break
| out of the Python VM and execute arbitrary code via large integer
| values in certain arguments to the crop function, leading to a buffer
| overflow, a different vulnerability than CVE-2007-4965 and
| CVE-2008-1679.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Upstream patch:
http://svn.python.org/view/python/trunk/Modules/imageop.c?p2=%2Fpython%2Ftrunk%2FModules%2Fimageop.c&p1=python%2Ftrunk%2FModules%2Fimageop.c&r1=66689&r2=66688&rev=66689&view=diff&diff_format=u

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
    http://security-tracker.debian.net/tracker/CVE-2008-4864

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
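
Added example (not part of the original report and not the upstream patch): a C sketch of the overflow-checked size arithmetic that guards against the bug class described in the CVE text, where integer arguments to a crop-style function are multiplied into a buffer size. The function names and the parameter layout (buffer length, pixel size, width, height, inclusive corner coordinates) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* What an unchecked 32-bit size computation yields: the product modulo 2^32. */
uint32_t wrapped_mul32(uint32_t a, uint32_t b) { return a * b; }

/* Multiply two non-negative ints; returns 0 (and leaves *out alone) on overflow. */
static int checked_mul(int a, int b, int *out)
{
    if (a < 0 || b < 0 || (a != 0 && b > INT_MAX / a))
        return 0;
    *out = a * b;
    return 1;
}

/* Inclusive span between two coordinates, computed in 64 bits so the
 * subtraction itself cannot overflow; returns 0 if it does not fit an int. */
static int span(int c0, int c1, int *out)
{
    long long d = (long long)c1 - (long long)c0;
    if (d < 0) d = -d;
    if (d + 1 > INT_MAX)
        return 0;
    *out = (int)(d + 1);
    return 1;
}

/* Hypothetical validator for crop-style arguments (not imageop.c's code).
 * Returns the output buffer size in bytes, or -1 if any argument is rejected. */
long crop_output_size(int buf_len, int psize, int width, int height,
                      int x0, int y0, int x1, int y1)
{
    int in_px, in_bytes, new_w, new_h, out_px, out_bytes;

    if (psize != 1 && psize != 2 && psize != 4) return -1;
    if (width <= 0 || height <= 0) return -1;
    /* The claimed image size must not overflow and must match the buffer. */
    if (!checked_mul(width, height, &in_px) ||
        !checked_mul(in_px, psize, &in_bytes) || in_bytes != buf_len)
        return -1;
    if (!span(x0, x1, &new_w) || !span(y0, y1, &new_h)) return -1;
    /* The output size is checked the same way before anything is allocated. */
    if (!checked_mul(new_w, new_h, &out_px) ||
        !checked_mul(out_px, psize, &out_bytes))
        return -1;
    return out_bytes;
}

int main(void) { printf("%ld\n", crop_output_size(12, 1, 4, 3, 0, 0, 1, 1)); return 0; }
```

The validator rejects the call before any allocation or copy, so a wrapped product can never become a buffer length.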