cvs commit: ports/lang/python25 Makefile ports/lang/python25/files
patch-lib-test_test_bigmem.py patch-lib-test_test_hashlib.py
patch-lib-test_test_strop.py
patch-lib-test_test_support.py patch-lib_seq_tests.py
patch-modules_almodule.c
patch-modules_arraymodule.c patch-modules_gcmodule.c
patch-modules_hashopenssl.c ...
Martin Wilke
miwi at FreeBSD.org
Mon Sep 8 00:14:07 UTC 2008
miwi 2008-09-08 00:14:06 UTC
FreeBSD ports repository
Modified files:
lang/python25 Makefile
Added files:
lang/python25/files patch-lib-test_test_bigmem.py
patch-lib-test_test_hashlib.py
patch-lib-test_test_strop.py
patch-lib-test_test_support.py
patch-lib_seq_tests.py
patch-modules_almodule.c
patch-modules_arraymodule.c
patch-modules_gcmodule.c
patch-modules_hashopenssl.c
patch-modules_mmapmodule.c
patch-modules_selectmodule.c
patch-modules_stropmodule.c
patch-objects_bufferobject.c
patch-objects_longobject.c
patch-objects_obmalloc.c
patch-objects_stringobject.c
patch-objects_tupleobject.c
patch-objects_unicodeobject.c
patch-python_mysnprintf.c
Log:
- Security fixes
Multiple vulnerabilities:
1) Various integer overflow errors exist in core modules e.g. stringobject,
unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.
2) An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.
3) Integer overflow errors in the processing of unicode strings can be exploited to cause
buffer overflows on 32-bit systems.
4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not
have a "vsnprintf()" function.
5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings
can lead to memory corruption.
PR: 127172 (based on)
Submitted by: bf <bf2006a at yahoo.com>
Obtained from: python svn
Security: CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-3143. (vuxml come later)
Revision Changes Path
1.152 +1 -1 ports/lang/python25/Makefile
1.1 +163 -0 ports/lang/python25/files/patch-lib-test_test_bigmem.py (new)
1.1 +41 -0 ports/lang/python25/files/patch-lib-test_test_hashlib.py (new)
1.1 +28 -0 ports/lang/python25/files/patch-lib-test_test_strop.py (new)
1.1 +62 -0 ports/lang/python25/files/patch-lib-test_test_support.py (new)
1.1 +21 -0 ports/lang/python25/files/patch-lib_seq_tests.py (new)
1.1 +14 -0 ports/lang/python25/files/patch-modules_almodule.c (new)
1.1 +33 -0 ports/lang/python25/files/patch-modules_arraymodule.c (new)
1.1 +58 -0 ports/lang/python25/files/patch-modules_gcmodule.c (new)
1.1 +104 -0 ports/lang/python25/files/patch-modules_hashopenssl.c (new)
1.1 +11 -0 ports/lang/python25/files/patch-modules_mmapmodule.c (new)
1.1 +16 -0 ports/lang/python25/files/patch-modules_selectmodule.c (new)
1.1 +31 -0 ports/lang/python25/files/patch-modules_stropmodule.c (new)
1.1 +13 -0 ports/lang/python25/files/patch-objects_bufferobject.c (new)
1.1 +11 -0 ports/lang/python25/files/patch-objects_longobject.c (new)
1.1 +34 -0 ports/lang/python25/files/patch-objects_obmalloc.c (new)
1.1 +49 -0 ports/lang/python25/files/patch-objects_stringobject.c (new)
1.1 +17 -0 ports/lang/python25/files/patch-objects_tupleobject.c (new)
1.1 +115 -0 ports/lang/python25/files/patch-objects_unicodeobject.c (new)
1.1 +55 -0 ports/lang/python25/files/patch-python_mysnprintf.c (new)
More information about the cvs-ports
mailing list