[Bug 1333396] Re: JSON module: reading arbitrary process memory

Jamie Strandboge jamie at ubuntu.com
Thu Jun 26 22:15:57 UTC 2014


Thank you for reporting this issue. It has been entered into our CVE
tracker and we will supply an update as part of our normal update
process.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4616

** Also affects: python2.6 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: python2.6 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: python3.2 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: python3.3 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: python3.4 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: python2.6 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: python3.2 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: python3.3 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: python3.4 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: python2.6 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: python3.2 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: python3.3 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: python3.4 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: python2.6 (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: python3.2 (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: python3.3 (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: python3.4 (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: python2.6 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: python3.2 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: python3.3 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: python3.4 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** No longer affects: python3.4 (Ubuntu Saucy)

** No longer affects: python3.4 (Ubuntu Precise)

** No longer affects: python3.4 (Ubuntu Lucid)

** No longer affects: python3.3 (Ubuntu Utopic)

** No longer affects: python3.3 (Ubuntu Trusty)

** No longer affects: python3.3 (Ubuntu Precise)

** No longer affects: python3.3 (Ubuntu Lucid)

** No longer affects: python3.2 (Ubuntu Utopic)

** No longer affects: python3.2 (Ubuntu Trusty)

** No longer affects: python3.2 (Ubuntu Saucy)

** No longer affects: python3.2 (Ubuntu Lucid)

** No longer affects: python2.7 (Ubuntu Lucid)

** No longer affects: python2.6 (Ubuntu Precise)

** No longer affects: python2.6 (Ubuntu Saucy)

** No longer affects: python2.6 (Ubuntu Trusty)

** No longer affects: python2.6 (Ubuntu Utopic)

** Changed in: python2.6 (Ubuntu Lucid)
       Status: New => Triaged

** Changed in: python2.7 (Ubuntu Precise)
       Status: New => Triaged

** Changed in: python2.7 (Ubuntu Saucy)
       Status: New => Triaged

** Changed in: python2.7 (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: python3.2 (Ubuntu Precise)
       Status: New => Triaged

** Changed in: python3.3 (Ubuntu Saucy)
       Status: New => Triaged

** Changed in: python3.4 (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: python2.7 (Ubuntu Utopic)
       Status: New => Fix Released

** Changed in: python3.4 (Ubuntu Utopic)
       Status: New => Fix Released

** Changed in: python2.6 (Ubuntu)
       Status: New => Invalid

** Changed in: python3.2 (Ubuntu)
       Status: New => Invalid

** Changed in: python3.3 (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.4 in Ubuntu.
https://bugs.launchpad.net/bugs/1333396

Title:
  JSON module: reading arbitrary process memory

Status in Python:
  Fix Released
Status in “python2.6” package in Ubuntu:
  Invalid
Status in “python2.7” package in Ubuntu:
  Fix Released
Status in “python3.2” package in Ubuntu:
  Invalid
Status in “python3.3” package in Ubuntu:
  Triaged
Status in “python3.4” package in Ubuntu:
  Fix Released
Status in “python2.6” source package in Lucid:
  Triaged
Status in “python2.7” source package in Precise:
  Triaged
Status in “python3.2” source package in Precise:
  Triaged
Status in “python2.7” source package in Saucy:
  Triaged
Status in “python3.3” source package in Saucy:
  Triaged
Status in “python2.7” source package in Trusty:
  Triaged
Status in “python3.4” source package in Trusty:
  Triaged
Status in “python2.7” source package in Utopic:
  Fix Released
Status in “python3.4” source package in Utopic:
  Fix Released
Status in “python2.7” package in Debian:
  New

Bug description:
  As reported upstream, the JSON module of Python is vulnerable to
  reading arbitrary process memory. Please apply the patch as included
  in the upstream bug report: http://bugs.python.org/issue21529

  CVE-2014-4616 is assigned:
  https://security-tracker.debian.org/tracker/CVE-2014-4616

  Patch is applied upstream in 2.7.7, so this only applies to current
  Ubuntu releases.
