touch-packages team mailing list archive

Thread
Date

[Bug 1351224] Re: Python security issue #14621 (Hash function is not randomized properly)

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Fri, 08 Aug 2014 17:48:30 -0000
Reply-to: Bug 1351224 <1351224@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thank you for using Ubuntu and reporting a bug. We will not be issuing a
security update for this issue. Please see http://people.canonical.com
/~ubuntu-security/cve/2013/CVE-2013-7040.html for details.

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7040

** Changed in: python2.7 (Ubuntu)
   Importance: Undecided => Low

** Changed in: python2.7 (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1351224

Title:
  Python security issue #14621 (Hash function is not randomized
  properly)

Status in “python2.7” package in Ubuntu:
  Won't Fix

Bug description:
  Due to an incomplete fix for CVE-2012-1150, other CVE-2012-1150 [1] is reported. The following [2] is corresponding bug report in Python upstream.
  I'm not 100% sure, but this vulnerability may affect to both Python 2.7 and 3.3 bundled with Ubuntu 14.04LTS.

  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7040
  [2] http://bugs.python.org/issue14621

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1351224/+subscriptions