Описание
** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | not-affected | 2.7.6-8ubuntu0.2 |
| lucid | DNE | |
| precise | released | 2.7.3-0ubuntu3.8 |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
| trusty | released | 2.7.6-8ubuntu0.2 |
| trusty/esm | not-affected | 2.7.6-8ubuntu0.2 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | DNE | |
| precise | released | 3.2.3-0ubuntu3.7 |
| quantal | ignored | end of life |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | needs-triage |
Показывать по
Связанные уязвимости
It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions
ELSA-2015-1330: python security, bug fix, and enhancement update (MODERATE)
ELSA-2015-2101: python security, bug fix, and enhancement update (MODERATE)