From searching bugs.python.org, I see that issues referencing CVE-2014-7185, CVE-2013-1752, and CVE-2014-1912 have all been marked as closed. I don't see any issues referencing CVE-2014-4650 via Python's bug tracker, but did spot it on Red Hat's. It appears to be related to issue 21766 (http://bugs.python.org/issue21766) which has been marked closed, fixed.
So, yes, looks like they're all fixed.

On Thu, Apr 14, 2016 at 3:26 AM Gaurav Rastogi -X (garastog - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco) <garas...@cisco.com> wrote:

> Hi,
>
> We are currently using Python 2.6.7 in our product.
> We have received below vulnerabilities from field:
>
> CVE-2014-7185
>
> Integer overflow in bufferobject.c in Python before 2.7.8 allows
> context-dependent attackers to obtain sensitive information from
> process memory via a large size and offset in a "buffer" function.
>
> CVE-2013-1752
>
> python: multiple unbound readline() DoS flaws in python stdlib
>
> CVE-2014-1912
>
> python: buffer overflow in socket.recvfrom_into()
>
> CVE-2014-4650
>
> It was discovered that the CGIHTTPServer module incorrectly handled
> URL encoded paths. A remote attacker could use this flaw to execute
> scripts outside of the cgi-bin directory, or disclose source of
> scripts in the cgi-bin directory
>
> Currently I can see the 2.7.11 is the latest release as per the below link:
> https://www.python.org/downloads/
>
> Could you please suggest if the above mentioned vulnerabilities are
> resolved in the latest release?
>
> Regards
> Gaurav
> --
> https://mail.python.org/mailman/listinfo/python-list