Your message dated Wed, 18 Oct 2006 16:47:33 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#393053: fixed in python2.3 2.3.5-16
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: python2.3
Version: 2.3.5-15
Severity: grave
Tags: security
Justification: user security hole

The repr vulnerability is still unfixed in Python 2.3.

Buffer overflow in the repr function in Python 2.3 through 2.6 before
20060822 allows context-dependent attackers to cause a denial of
service and possibly execute arbitrary code via crafted wide character
UTF-32/UCS-4 strings to certain scripts.


--- End Message ---
--- Begin Message ---
Source: python2.3
Source-Version: 2.3.5-16

We believe that the bug you reported is fixed in the latest version of
python2.3, which is due to be installed in the Debian FTP archive:

idle-python2.3_2.3.5-16_all.deb
  to pool/main/p/python2.3/idle-python2.3_2.3.5-16_all.deb
python2.3-dbg_2.3.5-16_i386.deb
  to pool/main/p/python2.3/python2.3-dbg_2.3.5-16_i386.deb
python2.3-dev_2.3.5-16_i386.deb
  to pool/main/p/python2.3/python2.3-dev_2.3.5-16_i386.deb
python2.3-examples_2.3.5-16_all.deb
  to pool/main/p/python2.3/python2.3-examples_2.3.5-16_all.deb
python2.3-mpz_2.3.5-16_i386.deb
  to pool/main/p/python2.3/python2.3-mpz_2.3.5-16_i386.deb
python2.3_2.3.5-16.diff.gz
  to pool/main/p/python2.3/python2.3_2.3.5-16.diff.gz
python2.3_2.3.5-16.dsc
  to pool/main/p/python2.3/python2.3_2.3.5-16.dsc
python2.3_2.3.5-16_i386.deb
  to pool/main/p/python2.3/python2.3_2.3.5-16_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated python2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 18 Oct 2006 22:36:47 +0200
Source: python2.3
Binary: python2.3 idle-python2.3 python2.3-dev python2.3-dbg python2.3-examples python2.3-mpz
Architecture: source i386 all
Version: 2.3.5-16
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <[EMAIL PROTECTED]>
Changed-By: Matthias Klose <[EMAIL PROTECTED]>
Description: 
 idle-python2.3 - An IDE for Python (v2.3) using Tkinter
 python2.3  - An interactive high-level object-oriented language (version 2.3)
 python2.3-dbg - Debug Build of the Python Interpreter (version 2.3)
 python2.3-dev - Header files and a static library for Python (v2.3)
 python2.3-examples - Examples for the Python language (v2.3)
 python2.3-mpz - Multiple-precision arithmetic support for Python (v2.3)
Closes: 391234 393053
Changes: 
 python2.3 (2.3.5-16) unstable; urgency=medium
 .
   * SECURITY UPDATE: crafted wide unicode strings can overflow heap leading
     to arbitrary code execution. Closes: #393053.
   * Add 'debian/patches/unicode-repr.dpatch' to fix overflow.
   * References
     CVE-2006-4980
     http://svn.python.org/view?view=rev&rev=51466
   * Fix build error, installing man pages. Closes: #391234.
Files: 
 1f12bf0dc3a1da83dc6c7364122a9cce 1055 python optional python2.3_2.3.5-16.dsc
 f5d86b0505eea6f636bba49eb3094dab 207649 python optional 
python2.3_2.3.5-16.diff.gz
 6d5b555902df25ba4e9b9cb74107b7cd 514350 python optional 
python2.3-examples_2.3.5-16_all.deb
 1e5f4f880002482d0b00ad7d2f3b33b1 55180 python optional 
idle-python2.3_2.3.5-16_all.deb
 3cc4fe3f2e75ffc70f38b0c9f863677c 3101884 python standard 
python2.3_2.3.5-16_i386.deb
 cc8ee22255fa6ddb96e4dcc9d641089f 31642 python optional 
python2.3-mpz_2.3.5-16_i386.deb
 15e62ea866b212bed5530ac26198a9ff 1421114 libdevel optional 
python2.3-dev_2.3.5-16_i386.deb
 a88a3327d24d113dee8d0ce200740e35 4527904 python extra 
python2.3-dbg_2.3.5-16_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFNrt/StlRaw+TLJwRAqLdAJ9/TcKO7bEU6tGRZDJj2aQGDFDcAwCgtcMV
Syv29G1E9k+oKjNipmc/v+E=
=pt65
-----END PGP SIGNATURE-----


--- End Message ---
