*** This bug is a security vulnerability *** Public security bug reported:
As reported upstream, the JSON module of Python is vulnerable for reading arbitrary process memory. Please apply the patch as included in the upstream bug report: http://bugs.python.org/issue21529 I'm not aware of any CVE assigned to this bug. Patch is applied upstream in 2.7.7, so this only applies to current Ubuntu releases. ** Affects: python Importance: Unknown Status: Unknown ** Affects: python2.7 (Ubuntu) Importance: Undecided Status: New ** Affects: python3.2 (Ubuntu) Importance: Undecided Status: New ** Affects: python3.3 (Ubuntu) Importance: Undecided Status: New ** Affects: python3.4 (Ubuntu) Importance: Undecided Status: New ** Affects: python2.7 (Debian) Importance: Unknown Status: Unknown ** Bug watch added: Debian Bug tracker #752395 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 ** Also affects: python2.7 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 Importance: Unknown Status: Unknown ** Information type changed from Private Security to Public Security ** Bug watch added: Python Roundup #21529 http://bugs.python.org/issue21529 ** Also affects: python via http://bugs.python.org/issue21529 Importance: Unknown Status: Unknown ** Also affects: python3.2 (Ubuntu) Importance: Undecided Status: New ** Also affects: python3.3 (Ubuntu) Importance: Undecided Status: New ** Also affects: python3.4 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1333396 Title: JSON module: reading arbitrary process memory To manage notifications about this bug go to: https://bugs.launchpad.net/python/+bug/1333396/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
