Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-2052

Published: 16 April 2007

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Priority

Low

Status

Package Release Status
python2.5
Launchpad, Ubuntu, Debian
upstream
Released (2.5.1-1)
dapper Does not exist

edgy
Released (2.5-2ubuntu2.1)
feisty Not vulnerable

gutsy Not vulnerable

Patches:

vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931
python2.4
Launchpad, Ubuntu, Debian
upstream
Released (2.4.4-3)
dapper
Released (2.4.3-0ubuntu6.1)
edgy
Released (2.4.4~c1-0ubuntu1.1)
feisty Not vulnerable

gutsy Not vulnerable

Patches:
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931

python2.3
Launchpad, Ubuntu, Debian
upstream Needs triage

dapper Not vulnerable

edgy Does not exist

feisty Does not exist

gutsy Does not exist