PublicDate: 2008-08-01 14:41:00 UTC
Candidate: CVE-2008-2316
References: 
 https://ubuntu.com/security/notices/USN-632-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
Description:
 Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2
 and earlier might allow context-dependent attackers to defeat cryptographic
 digests, related to "partial hashlib hashing of data exceeding 4GB."
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_python2.5:
upstream_python2.5: pending
dapper_python2.5: DNE
feisty_python2.5: released (2.5.1-0ubuntu1.2)
gutsy_python2.5: released (2.5.1-5ubuntu5.2)
hardy_python2.5: released (2.5.2-2ubuntu4.1)
devel_python2.5: released (2.5.2-10ubuntu2)

Patches_python2.4:
upstream_python2.4: not-affected (code not present)
dapper_python2.4: not-affected (code not present)
feisty_python2.4: not-affected (code not present)
gutsy_python2.4: not-affected (code not present)
hardy_python2.4: not-affected (code not present)
devel_python2.4: not-affected (code not present)