maintainer-feedback requested: [Bug 210324] lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jun 16 16:16:10 UTC 2016
Vladimir Krstulja <vlad-fbsd at acheronmedia.com> has asked FreeBSD Python
<python at FreeBSD.org> for maintainer-feedback:
Bug 210324: lang/python35, lang/python34, lang/python27: Possible integer
overflow and heap corruption in zipimporter (CVE-2016-5636)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324
--- Description ---
Created attachment 171488
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171488&action=edit
VuXML entry for Pythons' vuln CVE-2016-5636
Looks like Python 3.5, 3.4 and 2.7 are vulnerable to CVE-2016-5636.
* Upstream issue: http://bugs.python.org/issue26171
* CVE assignment: http://openwall.com/lists/oss-security/2016/06/16/1
Attached is a vuxml entry patch. Please check it, this is my first vuxml
submission.
I also have not checked the status/vulnerability of python32 and python33, I am
listing the hereby given three versions since that's what the upstream reported
and patched.
More information about the freebsd-python
mailing list