CVE-2007-2052
Published: 16 April 2007
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
python2.3 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
python2.4 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.4.3-0ubuntu6.1)
|
| edgy |
Released
(2.4.4~c1-0ubuntu1.1)
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| upstream |
Released
(2.4.4-3)
|
|
|
Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931 |
||
|
python2.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Released
(2.5-2ubuntu2.1)
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| upstream |
Released
(2.5.1-1)
|
|
|
Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931 |
||