[Bug 1333396] [NEW] JSON module: reading arbitrary process memory

Gert van Dijk gertvdijk+launchpad at gmail.com
Mon Jun 23 19:42:19 UTC 2014 

*** This bug is a security vulnerability ***

Public security bug reported:

As reported upstream, the JSON module of Python is vulnerable for
reading arbitrary process memory. Please apply the patch as included in
the upstream bug report: http://bugs.python.org/issue21529

I'm not aware of any CVE assigned to this bug.

Patch is applied upstream in 2.7.7, so this only applies to current
Ubuntu releases.

** Affects: python
     Importance: Unknown
         Status: Unknown

** Affects: python2.7 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: python3.2 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: python3.3 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: python3.4 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: python2.7 (Debian)
     Importance: Unknown
         Status: Unknown

** Bug watch added: Debian Bug tracker #752395
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395

** Also affects: python2.7 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
   Importance: Unknown
       Status: Unknown

** Information type changed from Private Security to Public Security

** Bug watch added: Python Roundup #21529
   http://bugs.python.org/issue21529

** Also affects: python via
   http://bugs.python.org/issue21529
   Importance: Unknown
       Status: Unknown

** Also affects: python3.2 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: python3.3 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: python3.4 (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1333396

Title:
  JSON module: reading arbitrary process memory

Status in Python:
  Unknown
Status in “python2.7” package in Ubuntu:
  New
Status in “python3.2” package in Ubuntu:
  New
Status in “python3.3” package in Ubuntu:
  New
Status in “python3.4” package in Ubuntu:
  New
Status in “python2.7” package in Debian:
  Unknown

Bug description:
  As reported upstream, the JSON module of Python is vulnerable for
  reading arbitrary process memory. Please apply the patch as included
  in the upstream bug report: http://bugs.python.org/issue21529

  I'm not aware of any CVE assigned to this bug.

  Patch is applied upstream in 2.7.7, so this only applies to current
  Ubuntu releases.

To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1333396/+subscriptions

More information about the foundations-bugs mailing list