** Changed in: python2.7 (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1333396
Title:
JSON module: reading arbitrary process memory
Status in Python:
Fix Released
Status in python2.6 package in Ubuntu:
Invalid
Status in python2.7 package in Ubuntu:
Fix Released
Status in python3.2 package in Ubuntu:
Invalid
Status in python3.3 package in Ubuntu:
Triaged
Status in python3.4 package in Ubuntu:
Fix Released
Status in python2.6 source package in Lucid:
Won't Fix
Status in python2.7 source package in Precise:
Triaged
Status in python3.2 source package in Precise:
Triaged
Status in python2.7 source package in Saucy:
Won't Fix
Status in python3.3 source package in Saucy:
Won't Fix
Status in python2.7 source package in Trusty:
Triaged
Status in python3.4 source package in Trusty:
Triaged
Status in python2.7 source package in Utopic:
Fix Released
Status in python3.4 source package in Utopic:
Fix Released
Status in python2.7 package in Debian:
Fix Released
Bug description:
As reported upstream, the JSON module of Python is vulnerable for
reading arbitrary process memory. Please apply the patch as included
in the upstream bug report: http://bugs.python.org/issue21529
CVE-2014-4616 is assigned:
https://security-tracker.debian.org/tracker/CVE-2014-4616
Patch is applied upstream in 2.7.7, so this only applies to current
Ubuntu releases.
To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1333396/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
