[Bug 1333396] Re: JSON module: reading arbitrary process memory
Gert van Dijk
gertvdijk+launchpad at gmail.com
Tue Jun 24 09:21:01 UTC 2014
** Description changed:
As reported upstream, the JSON module of Python is vulnerable for
reading arbitrary process memory. Please apply the patch as included in
the upstream bug report: http://bugs.python.org/issue21529
- I'm not aware of any CVE assigned to this bug.
+ CVE-2014-4616 is assigned:
+ https://security-tracker.debian.org/tracker/CVE-2014-4616
Patch is applied upstream in 2.7.7, so this only applies to current
Ubuntu releases.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.4 in Ubuntu.
https://bugs.launchpad.net/bugs/1333396
Title:
JSON module: reading arbitrary process memory
Status in Python:
Fix Released
Status in “python2.7” package in Ubuntu:
New
Status in “python3.2” package in Ubuntu:
New
Status in “python3.3” package in Ubuntu:
New
Status in “python3.4” package in Ubuntu:
New
Status in “python2.7” package in Debian:
New
Bug description:
As reported upstream, the JSON module of Python is vulnerable for
reading arbitrary process memory. Please apply the patch as included
in the upstream bug report: http://bugs.python.org/issue21529
CVE-2014-4616 is assigned:
https://security-tracker.debian.org/tracker/CVE-2014-4616
Patch is applied upstream in 2.7.7, so this only applies to current
Ubuntu releases.
To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1333396/+subscriptions
More information about the foundations-bugs
mailing list