Date: Mon, 8 Sep 2008 00:14:06 +0000 (UTC) From: Martin Wilke <miwi@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/lang/python25 Makefile ports/lang/python25/files patch-lib-test_test_bigmem.py patch-lib-test_test_hashlib.py patch-lib-test_test_strop.py patch-lib-test_test_support.py patch-lib_seq_tests.py patch-modules_almodule.c patch-modules_arraymodule.c patch-modules_gcmodule.c patch-modules_hashopenssl.c ... Message-ID: <200809080014.m880E6qr045615@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
miwi 2008-09-08 00:14:06 UTC FreeBSD ports repository Modified files: lang/python25 Makefile Added files: lang/python25/files patch-lib-test_test_bigmem.py patch-lib-test_test_hashlib.py patch-lib-test_test_strop.py patch-lib-test_test_support.py patch-lib_seq_tests.py patch-modules_almodule.c patch-modules_arraymodule.c patch-modules_gcmodule.c patch-modules_hashopenssl.c patch-modules_mmapmodule.c patch-modules_selectmodule.c patch-modules_stropmodule.c patch-objects_bufferobject.c patch-objects_longobject.c patch-objects_obmalloc.c patch-objects_stringobject.c patch-objects_tupleobject.c patch-objects_unicodeobject.c patch-python_mysnprintf.c Log: - Security fixes Multiple vulnerabilities: 1) Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. 2) An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. 3) Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. 4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function. 5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption. PR: 127172 (based on) Submitted by: bf <bf2006a@yahoo.com> Obtained from: python svn Security: CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-3143. (vuxml come later) Revision Changes Path 1.152 +1 -1 ports/lang/python25/Makefile 1.1 +163 -0 ports/lang/python25/files/patch-lib-test_test_bigmem.py (new) 1.1 +41 -0 ports/lang/python25/files/patch-lib-test_test_hashlib.py (new) 1.1 +28 -0 ports/lang/python25/files/patch-lib-test_test_strop.py (new) 1.1 +62 -0 ports/lang/python25/files/patch-lib-test_test_support.py (new) 1.1 +21 -0 ports/lang/python25/files/patch-lib_seq_tests.py (new) 1.1 +14 -0 ports/lang/python25/files/patch-modules_almodule.c (new) 1.1 +33 -0 ports/lang/python25/files/patch-modules_arraymodule.c (new) 1.1 +58 -0 ports/lang/python25/files/patch-modules_gcmodule.c (new) 1.1 +104 -0 ports/lang/python25/files/patch-modules_hashopenssl.c (new) 1.1 +11 -0 ports/lang/python25/files/patch-modules_mmapmodule.c (new) 1.1 +16 -0 ports/lang/python25/files/patch-modules_selectmodule.c (new) 1.1 +31 -0 ports/lang/python25/files/patch-modules_stropmodule.c (new) 1.1 +13 -0 ports/lang/python25/files/patch-objects_bufferobject.c (new) 1.1 +11 -0 ports/lang/python25/files/patch-objects_longobject.c (new) 1.1 +34 -0 ports/lang/python25/files/patch-objects_obmalloc.c (new) 1.1 +49 -0 ports/lang/python25/files/patch-objects_stringobject.c (new) 1.1 +17 -0 ports/lang/python25/files/patch-objects_tupleobject.c (new) 1.1 +115 -0 ports/lang/python25/files/patch-objects_unicodeobject.c (new) 1.1 +55 -0 ports/lang/python25/files/patch-python_mysnprintf.c (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809080014.m880E6qr045615>