oss-sec mailing list archives
Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
From: Josh Bressers <bressers () redhat com>
Date: Wed, 22 Sep 2010 15:54:38 -0400 (EDT)
Any update on this Steve? Thanks. -- JB ----- "Josh Bressers" <bressers () redhat com> wrote:
Steve, I'm going to leave this one up to you. While it's really a python bug, I suspect several affected projects will end up patching themselves (I'm not sure how MITRE hadnles this situation). Thanks. -- JB ----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:Hello Steve, vendors, Giampaolo Rodola reported a deficiency in the implementation of Python's accept() routine: [1] http://bugs.python.org/issue6706 The following seems to be all symptoms for the same issue: A, SMTP (smtpd.py): [2] https://bugzilla.redhat.com/show_bug.cgi?id=632200 [3] http://bugs.python.org/issue9129 B, pyftpdlib: [4] http://code.google.com/p/pyftpdlib/issues/detail?id=104 C, ZODB: [5] https://bugs.launchpad.net/zodb/+bug/135108 D, more? Not sure, how to proceed in this case: i, if assign only one CVE id for [1] or, ii, assign also separate CVE ids for the child symptoms? ([2], [3], [4]) Cc-ed David Malcom on this post, to shed more light how to handlethiscase. Once the way, how to further proceed with this, specified. Stevecouldyou allocate CVE id (ids)? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Python -- accept() implementation in async core is broken => more subcases Jan Lieskovsky (Sep 09)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 10)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 22)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Steven M. Christey (Sep 24)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 22)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 10)