Your message dated Mon, 13 Jun 2011 21:47:49 +0000
with message-id <e1qwez7-0005ry...@franck.debian.org>
and subject line Bug#628455: fixed in python2.6 2.6.7-1
has caused the Debian Bug report #628455,
regarding CVE-2011-1521: information disclosure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
628455: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python2.6
Version: 2.6.6-10
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python2.6.

CVE-2011-1521[0]:
| The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x
| before 3.2.1 process Location headers that specify redirection to
| file: URLs, which makes it easier for remote attackers to obtain
| sensitive information or cause a denial of service (resource
| consumption) via a crafted URL, as demonstrated by the
| file:///etc/passwd and file:///dev/zero URLs.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers,
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
    http://security-tracker.debian.org/tracker/CVE-2011-1521


--- End Message ---
--- Begin Message ---
Source: python2.6
Source-Version: 2.6.7-1

We believe that the bug you reported is fixed in the latest version of
python2.6, which is due to be installed in the Debian FTP archive:

idle-python2.6_2.6.7-1_all.deb
  to main/p/python2.6/idle-python2.6_2.6.7-1_all.deb
libpython2.6_2.6.7-1_amd64.deb
  to main/p/python2.6/libpython2.6_2.6.7-1_amd64.deb
python2.6-dbg_2.6.7-1_amd64.deb
  to main/p/python2.6/python2.6-dbg_2.6.7-1_amd64.deb
python2.6-dev_2.6.7-1_amd64.deb
  to main/p/python2.6/python2.6-dev_2.6.7-1_amd64.deb
python2.6-doc_2.6.7-1_all.deb
  to main/p/python2.6/python2.6-doc_2.6.7-1_all.deb
python2.6-examples_2.6.7-1_all.deb
  to main/p/python2.6/python2.6-examples_2.6.7-1_all.deb
python2.6-minimal_2.6.7-1_amd64.deb
  to main/p/python2.6/python2.6-minimal_2.6.7-1_amd64.deb
python2.6_2.6.7-1.diff.gz
  to main/p/python2.6/python2.6_2.6.7-1.diff.gz
python2.6_2.6.7-1.dsc
  to main/p/python2.6/python2.6_2.6.7-1.dsc
python2.6_2.6.7-1_amd64.deb
  to main/p/python2.6/python2.6_2.6.7-1_amd64.deb
python2.6_2.6.7.orig.tar.gz
  to main/p/python2.6/python2.6_2.6.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 628...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <d...@debian.org> (supplier of updated python2.6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Mon, 13 Jun 2011 22:26:29 +0200
Source: python2.6
Binary: python2.6 python2.6-minimal libpython2.6 python2.6-examples python2.6-dev idle-python2.6 python2.6-doc python2.6-dbg
Architecture: source all amd64
Version: 2.6.7-1
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <d...@debian.org>
Changed-By: Matthias Klose <d...@debian.org>
Description: 
 idle-python2.6 - An IDE for Python (v2.6) using Tkinter
 libpython2.6 - Shared Python runtime library (version 2.6)
 python2.6  - An interactive high-level object-oriented language (version 2.6)
 python2.6-dbg - Debug Build of the Python Interpreter (version 2.6)
 python2.6-dev - Header files and a static library for Python (v2.6)
 python2.6-doc - Documentation for the high-level object-oriented language Python
 python2.6-examples - Examples for the Python language (v2.6)
 python2.6-minimal - A minimal subset of the Python language (version 2.6)
Closes: 628455
Changes: 
 python2.6 (2.6.7-1) unstable; urgency=low
 .
   * Python 2.6.7 final release.
     - Issue #11662: Make urllib and urllib2 ignore redirections if the
       scheme is not HTTP, HTTPS or FTP (CVE-2011-1521). Closes: #628455.
     - Issue #11442: Add a charset parameter to the Content-type in
       SimpleHTTPServer to avoid XSS attacks.

--- End Message ---
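
The check that the changelog entry for Issue #11662 describes (follow a redirect only when its scheme is HTTP, HTTPS or FTP), written out as an added example; it is not the upstream patch and not part of either message above. It uses Python 3's urllib.request rather than the Python 2 urllib/urllib2 modules named in the CVE text. The names classify_redirect and SchemeCheckingRedirectHandler and the example.org URLs are assumptions made for illustration.

```python
"""Added example: redirect-scheme allowlist (not the upstream patch)."""
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit

# Schemes the 2.6.7 changelog entry names as acceptable redirect targets.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https", "ftp"})


def classify_redirect(base_url, location):
    """Resolve a Location value against the request URL.

    Returns (absolute_target, allowed). Relative values inherit the scheme
    of base_url; the scheme comparison is case-insensitive.
    """
    target = urljoin(base_url, location.strip())
    scheme = urlsplit(target).scheme.lower()
    return target, scheme in ALLOWED_REDIRECT_SCHEMES


class SchemeCheckingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Hypothetical handler: refuse a redirect before any new request is built."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        target, allowed = classify_redirect(req.full_url, newurl)
        if not allowed:
            raise HTTPError(target, code,
                            "redirect to disallowed scheme refused", headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


# Constructed Location values; the two file: URLs are the ones the CVE text cites.
SAMPLE_LOCATIONS = [
    "/login",
    "https://example.org/next",
    "ftp://example.org/pub/file.txt",
    "file:///etc/passwd",
    "FILE:///dev/zero",
]

if __name__ == "__main__":
    base = "http://example.org/start"  # constructed request URL
    for loc in SAMPLE_LOCATIONS:
        target, allowed = classify_redirect(base, loc)
        print("%-32s -> %-34s %s" % (loc, target, "follow" if allowed else "refuse"))
    # Install with: urllib.request.build_opener(SchemeCheckingRedirectHandler())
```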