[Python-Dev] Python 2.5.3: call for patches

Matthias Klose doko at ubuntu.com
Wed Nov 12 08:31:03 CET 2008


Martin v. Löwis wrote:

I would like to apply fixes for some CVEs which are addressed in 2.5 but not yet in 2.4. This would include

CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-2315
CVE-2008-3144
CVE-2008-1887
CVE-2008-4864

Can you identify the revisions that would need backporting?

I could only find (trunk revisions)

CVE-2007-4965: r65880
CVE-2008-1721: r62235, issue2586
CVE-2008-3144: issue2588, issue2589, r63734, r63728.
CVE-2008-1887: issue2587, r62261, r62271
CVE-2008-4864: r66689

So what about

CVE-2008-1679: claimed to be issue1179 in the CVE, but that says it fixes CVE-2007-4965 only?

The original fix for CVE-2007-4965 did miss two chunks, which are included in r65878 on the 2.5 branch.

CVE-2008-2315

This is r65334 on the 2.5 branch and r65335 on the trunk:

  Security patches from Apple: prevent int overflow when allocating memory

This was already checked in, with an added NEWS item in 2.4.5. Moved this to 2.4.6.

In principle, this is fine with me, so go ahead.

Done.


