PublicDate: 2008-04-18 17:05:00 UTC
Candidate: CVE-2008-1887
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
 https://ubuntu.com/security/notices/USN-632-1
Description:
 Python 2.5.2 and earlier allows context-dependent attackers to execute
 arbitrary code via multiple vectors that cause a negative size value to be
 provided to the PyString_FromStringAndSize function, which allocates less
 memory than expected when assert() is disabled and triggers a buffer
 overflow.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/python2.4/+bug/227246
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_python2.5:
upstream_python2.5: needs-triage
dapper_python2.5: DNE
feisty_python2.5: released (2.5.1-0ubuntu1.2)
gutsy_python2.5: released (2.5.1-5ubuntu5.2)
hardy_python2.5: not-affected
devel_python2.5: not-affected

Patches_python2.4:
 vendor: http://www.debian.org/security/2008/dsa-1551
upstream_python2.4: needs-triage
dapper_python2.4: released (2.4.3-0ubuntu6.2)
feisty_python2.4: released (2.4.4-2ubuntu7.2)
gutsy_python2.4: released (2.4.4-6ubuntu4.2)
hardy_python2.4: not-affected
devel_python2.4: not-affected