https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324
Bug ID: 210324
Summary: lang/python35, lang/python34, lang/python27: Possible
integer overflow and heap corruption in zipimporter
(CVE-2016-5636)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: http://bugs.python.org/issue26171
OS: Any
Status: New
Keywords: needs-qa, patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: pyt...@freebsd.org
Reporter: vlad-f...@acheronmedia.com
CC: junovi...@freebsd.org, ports-sect...@freebsd.org,
pyt...@freebsd.org
CC: pyt...@freebsd.org
Assignee: pyt...@freebsd.org
Flags: maintainer-feedback?(pyt...@freebsd.org),
maintainer-feedback?(pyt...@freebsd.org)
Created attachment 171488
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171488&action=edit
VuXML entry for Pythons' vuln CVE-2016-5636
Looks like Python 3.5, 3.4 and 2.7 are vulnerable to CVE-2016-5636.
* Upstream issue: http://bugs.python.org/issue26171
* CVE assignment: http://openwall.com/lists/oss-security/2016/06/16/1
Attached is a vuxml entry patch. Please check it, this is my first vuxml
submission.
I also have not checked the status/vulnerability of python32 and python33, I am
listing the hereby given three versions since that's what the upstream reported
and patched.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
