[Fwd: [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution]

Michal Jaegermann michal at harddata.com
Thu Sep 22 15:58:06 UTC 2005


On Thu, Sep 22, 2005 at 09:15:23AM -0400, Jim Popovitch wrote:
> Anyone know if this impacts FL?

[ a description of Python problems from Debian advisory skipped ]

Most likely this is the case.  It is hard to imagine that somebody
quietly fixed such a hole in Python packages for Red Hat distributions
and did not mention that to anybody.  Well, the pcre code could
possibly not be compiled in but I am not sure if this is an option.
If this is used as a shared library then fixing that in one
place would fix all users but a quick look at some samples seems
to show that this is not the case.

OTOH I do not know at this moment if python-1.5, like the one
used in RH7.3, has code from pcre or not.  If it does then
the problem potentially is not limited to python2.

> I did a quick BugTraq look at Pekka's 
> lists and didn't see it mentioned.

Well, you could be the one who will add that to bugzilla.  Of course
if you would look first at the patches Debian used, and also other pcre
patches, and check before writing a bugzilla entry if they indeed
apply, that would be a truly good move.

   Michal
