Your message dated Thu, 07 Aug 2008 00:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493797: fixed in python2.5 2.5.2-11
has caused the Debian Bug report #493797,
regarding python2.5: CVE-2008-2316 integer overflow in _hashopenssl.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
493797: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493797
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: python2.5
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python2.5.
CVE-2008-2316[0]:
| Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and
| earlier might allow context-dependent attackers to defeat cryptographic
| digests, related to "partial hashlib hashing of data exceeding 4GB."
Upstream patch:
https://bugzilla.redhat.com/attachment.cgi?id=313350
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2316
http://security-tracker.debian.net/tracker/CVE-2008-2316
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpZcHlpwmFTA.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: python2.5
Source-Version: 2.5.2-11
We believe that the bug you reported is fixed in the latest version of
python2.5, which is due to be installed in the Debian FTP archive:
idle-python2.5_2.5.2-11_all.deb
to pool/main/p/python2.5/idle-python2.5_2.5.2-11_all.deb
python2.5-dbg_2.5.2-11_amd64.deb
to pool/main/p/python2.5/python2.5-dbg_2.5.2-11_amd64.deb
python2.5-dev_2.5.2-11_amd64.deb
to pool/main/p/python2.5/python2.5-dev_2.5.2-11_amd64.deb
python2.5-examples_2.5.2-11_all.deb
to pool/main/p/python2.5/python2.5-examples_2.5.2-11_all.deb
python2.5-minimal_2.5.2-11_amd64.deb
to pool/main/p/python2.5/python2.5-minimal_2.5.2-11_amd64.deb
python2.5_2.5.2-11.diff.gz
to pool/main/p/python2.5/python2.5_2.5.2-11.diff.gz
python2.5_2.5.2-11.dsc
to pool/main/p/python2.5/python2.5_2.5.2-11.dsc
python2.5_2.5.2-11_amd64.deb
to pool/main/p/python2.5/python2.5_2.5.2-11_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated python2.5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 06 Aug 2008 06:52:07 +0000
Source: python2.5
Binary: python2.5 python2.5-minimal python2.5-examples python2.5-dev
idle-python2.5 python2.5-dbg
Architecture: source all amd64
Version: 2.5.2-11
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <[EMAIL PROTECTED]>
Changed-By: Matthias Klose <[EMAIL PROTECTED]>
Description:
idle-python2.5 - An IDE for Python (v2.5) using Tkinter
python2.5 - An interactive high-level object-oriented language (version 2.5)
python2.5-dbg - Debug Build of the Python Interpreter (version 2.5)
python2.5-dev - Header files and a static library for Python (v2.5)
python2.5-examples - Examples for the Python language (v2.5)
python2.5-minimal - A minimal subset of the Python language (version 2.5)
Closes: 493797
Changes:
python2.5 (2.5.2-11) unstable; urgency=medium
.
* Apply proposed fix for CVE-2008-2316, integer overflow in _hashopenssl.c.
Closes: #493797.
Checksums-Sha1:
4aedc6e7012f62a9053897fb19eaa5143f761c37 1806 python2.5_2.5.2-11.dsc
bdee907b55d9795726ec6f81e4008eb5c67c99b1 243803 python2.5_2.5.2-11.diff.gz
08097575dc809fc8474ba6abefdc7a7316070fc7 647072
python2.5-examples_2.5.2-11_all.deb
fdf5bcec6cbcfa047fa017d6e11b5b5fc5b42400 67316 idle-python2.5_2.5.2-11_all.deb
425e173e89d408681d3c3d9061937822422dd730 3042456 python2.5_2.5.2-11_amd64.deb
c5e9c2d4747f0685db38f7af6d33da4756808e8e 1285736
python2.5-minimal_2.5.2-11_amd64.deb
07567a7c0ac3ec9d13021121991682b10aff7606 2054710
python2.5-dev_2.5.2-11_amd64.deb
5b002596746d822e76f8b094a18168bcfefe992e 8072708
python2.5-dbg_2.5.2-11_amd64.deb
Checksums-Sha256:
eadaf5c33d4f3118993747f047f7edad32c00ba3e4c24d9e87a5befc23c6b2d3 1806
python2.5_2.5.2-11.dsc
c32bbed6f12faaa11842fc5d7ef155a7aa9d418e46a929ff2825d0ff6c552c52 243803
python2.5_2.5.2-11.diff.gz
8b43e7bda5d5f12d1e5d79d593c2d1607c1b61e784239b8a8aa4ab6d6f576b42 647072
python2.5-examples_2.5.2-11_all.deb
9fda0ac58718b6d5708994f0c25a1c5fb24e14a3a6859ba0420f3dff2040fc4c 67316
idle-python2.5_2.5.2-11_all.deb
44e194f1eddac65a00c7a95a64a43b8427eeb3b98178bc4f3360035f041ab542 3042456
python2.5_2.5.2-11_amd64.deb
b6b9869cf2802f6a51b27e36bbed12d4f51f76b96828304070d08e6f2889868d 1285736
python2.5-minimal_2.5.2-11_amd64.deb
b1d9d03bb1f719d0b85f827b604d5f99266dd3cad1de599c29d672042e12ac93 2054710
python2.5-dev_2.5.2-11_amd64.deb
cf08d5c89d8aa71ea88f3207b1d62ca81ea7a2ab512f3d7fea6ae43f45dce8bf 8072708
python2.5-dbg_2.5.2-11_amd64.deb
Files:
047aa26a088696f870734a4480986e8b 1806 python optional python2.5_2.5.2-11.dsc
43cd6da30d6ec5e5e470c3ae9fc3c74a 243803 python optional
python2.5_2.5.2-11.diff.gz
90a6a57658bbfb37586d7b49d15d1715 647072 python optional
python2.5-examples_2.5.2-11_all.deb
07736fa2aa77970afe7545bb486c7e56 67316 python optional
idle-python2.5_2.5.2-11_all.deb
773d9213fd65a14406b47ddc00f53a52 3042456 python optional
python2.5_2.5.2-11_amd64.deb
84c3d8c606a4f68a8273c62f791a13da 1285736 python optional
python2.5-minimal_2.5.2-11_amd64.deb
5d33ffd922ff87e43298cc44e771ba7e 2054710 python optional
python2.5-dev_2.5.2-11_amd64.deb
01a14ba75962b56fd2546649376d3eff 8072708 python extra
python2.5-dbg_2.5.2-11_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFImaIXStlRaw+TLJwRAhfFAJ4slDF2E1ino5e92sp5f17805ZyQgCgsV8I
7oWXH1b7BpMX+EdWaPG0oVQ=
=lkH2
-----END PGP SIGNATURE-----
--- End Message ---
