PublicDate: 2008-04-22 04:41:00 UTC
Candidate: CVE-2008-1679
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
 https://ubuntu.com/security/notices/USN-632-1
Description:
 Multiple integer overflows in imageop.c in Python before 2.5.3 allow
 context-dependent attackers to cause a denial of service (crash) and
 possibly execute arbitrary code via crafted images that trigger heap-based
 buffer overflows.  NOTE: this issue is due to an incomplete fix for
 CVE-2007-4965.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/python2.4/+bug/227246
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_python2.5:
upstream_python2.5: needs-triage
dapper_python2.5: DNE
feisty_python2.5: released (2.5.1-0ubuntu1.2)
gutsy_python2.5: released (2.5.1-5ubuntu5.2)
hardy_python2.5: not-affected
devel_python2.5: not-affected

Patches_python2.4:
 vendor: http://www.debian.org/security/2008/dsa-1551
upstream_python2.4: needs-triage
dapper_python2.4: released (2.4.3-0ubuntu6.2)
feisty_python2.4: released (2.4.4-2ubuntu7.2)
gutsy_python2.4: released (2.4.4-6ubuntu4.2)
hardy_python2.4: not-affected
devel_python2.4: not-affected