Python 2.4 with security fix in etch

To: debian-release@lists.debian.org
Cc: Matthias Klose <doko@debian.org>
Subject: Python 2.4 with security fix in etch
From: Ted Percival <ted@midg3t.net>
Date: Sun, 22 Oct 2006 01:11:03 +1000
Message-id: <[🔎] 453A3887.2070605@midg3t.net>

python2.4 in testing (etch) is currently vulnerable to a buffer overflow
as described in CVE-2006-4980 [1] and PSF-2006-001 [2]. The
vulnerability was fixed in 2.4.3-9 but 2.4.3-8 is frozen in testing so
the fixed package will not propagate automatically.

The QA package page[3] suggests contacting this mailing list "if update
is needed".

Please keep me on the CC in replies as I am not subscribed to the
debian-release list.

Cheers,
-Ted

[1] CVE-2006-4980:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
[2] PSF-2006-001: http://www.python.org/news/security/PSF-2006-001/
[3] QA page for python2.4:
http://packages.qa.debian.org/p/python2.4.html

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Fixing double free bug in opencdk8/etch
Next by Date: Re: [Pkg-kbd-devel] Why console-setup is not migrating to testing
Previous by thread: Re: Fixing double free bug in opencdk8/etch
Next by thread: python 2.4.4 for etch
Index(es):
- Date
- Thread