[DLA 25-1] python2.6 security update

To: debian-lts-announce@lists.debian.org
Subject: [DLA 25-1] python2.6 security update
From: Raphael Geissert <geissert@debian.org>
Date: Thu, 31 Jul 2014 23:07:32 +0200
Message-id: <[🔎] 2654302.lB1BlQLvOF@eee>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : python2.6
Version        : 2.6.6-8+deb6u1
CVE ID         : CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 
                 CVE-2012-0845 CVE-2012-1150 CVE-2013-4238 CVE-2014-1912

Multiple vulnerabilities were discovered in python2.6. The more
relevant are:

CVE-2013-4238

    Incorrect handling of NUL bytes in certificate hostnames may allow
    server spoofing via specially-crafted certificates signed by
    a trusted Certification Authority.

CVE-2014-1912

    Buffer overflow in socket.recvfrom_into leading to application
    crash and possibly code execution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlPasBQACgkQYy49rUbZzloDRACbBvBmhXP/ruUfG1A82ID6MyW3
C5UAn15SLj2jAfIIn1czbdgm3obw0Kpd
=WCtU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [DLA 27-1] file security update
Next by Date: [DLA 17-1] tor: new upstream version
Previous by thread: [DLA 27-1] file security update
Next by thread: [DLA 17-1] tor: new upstream version
Index(es):
- Date
- Thread