PublicDateAtUSN: 2010-05-27
Candidate: CVE-2010-1634
PublicDate: 2010-05-27 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
 http://svn.python.org/view?rev=81079&view=rev
 http://svn.python.org/view?rev=81045&view=rev
 http://bugs.python.org/issue8674
 https://ubuntu.com/security/notices/USN-1596-1
 https://ubuntu.com/security/notices/USN-1613-1
 https://ubuntu.com/security/notices/USN-1613-2
 https://ubuntu.com/security/notices/USN-1616-1
Description:
 Multiple integer overflows in audioop.c in the audioop module in Python
 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial
 of service (application crash) via a large fragment, as demonstrated by a
 call to audioop.lin2lin with a long string in the first argument, leading
 to a buffer overflow. NOTE: this vulnerability exists because of an
 incorrect fix for CVE-2008-3143.5.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.python.org/issue8674
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_python2.4:
upstream_python2.4: needs-triage
dapper_python2.4: ignored (reached end-of-life)
hardy_python2.4: released (2.4.5-1ubuntu4.4)
jaunty_python2.4: ignored (reached end-of-life)
karmic_python2.4: ignored (reached end-of-life)
lucid_python2.4: DNE
maverick_python2.4: DNE
natty_python2.4: DNE
oneiric_python2.4: DNE
precise_python2.4: DNE
quantal_python2.4: DNE
devel_python2.4: DNE

Patches_python2.5:
 upstream: http://hg.python.org/cpython/rev/488dbe262f68/ (pt1)
 upstream: http://hg.python.org/cpython/rev/c0dd33a5adbe/ (pt2)
upstream_python2.5: needs-triage
dapper_python2.5: DNE
hardy_python2.5: released (2.5.2-2ubuntu6.2)
jaunty_python2.5: ignored (reached end-of-life)
karmic_python2.5: ignored (reached end-of-life)
lucid_python2.5: DNE
maverick_python2.5: DNE
natty_python2.5: DNE
oneiric_python2.5: DNE
precise_python2.5: DNE
quantal_python2.5: DNE
devel_python2.5: DNE

Patches_python2.6:
 upstream: http://hg.python.org/cpython/rev/7f5a571b1ecb/ (pt1)
 upstream: http://hg.python.org/cpython/rev/0ac11db5fc96/ (pt2)
upstream_python2.6: released (2.6.6-1)
dapper_python2.6: DNE
hardy_python2.6: DNE
jaunty_python2.6: ignored (reached end-of-life)
karmic_python2.6: ignored (reached end-of-life)
lucid_python2.6: released (2.6.5-1ubuntu6.1)
maverick_python2.6: not-affected (2.6.6-5ubuntu1)
natty_python2.6: not-affected (2.6.6-5ubuntu1)
oneiric_python2.6: not-affected (2.6.6-5ubuntu1)
precise_python2.6: DNE
quantal_python2.6: DNE
devel_python2.6: DNE

Patches_python2.7:
upstream_python2.7: released (2.7-1)
hardy_python2.7: DNE
lucid_python2.7: DNE
maverick_python2.7: not-affected (2.7-6)
natty_python2.7: not-affected
oneiric_python2.7: not-affected
precise_python2.7: not-affected
quantal_python2.7: not-affected
devel_python2.7: not-affected

Patches_python3.1:
 upstream: http://hg.python.org/cpython/rev/20ae83821ef0 (pt1)
 upstream: http://hg.python.org/cpython/rev/011940baefb0 (pt2)
upstream_python3.1: released (3.1.3-1)
hardy_python3.1: DNE
lucid_python3.1: released (3.1.2-0ubuntu3.2)
natty_python3.1: not-affected (3.1.3-1ubuntu1.1)
oneiric_python3.1: DNE
precise_python3.1: DNE
quantal_python3.1: DNE
devel_python3.1: DNE

Patches_python3.2:
upstream_python3.2: released (3.2)
hardy_python3.2: DNE
lucid_python3.2: DNE
natty_python3.2: not-affected (3.2-1ubuntu1)
oneiric_python3.2: not-affected
precise_python3.2: not-affected
quantal_python3.2: not-affected
devel_python3.2: not-affected