← Back to team overview

touch-packages team mailing list archive

[Bug 1333396] Re: JSON module: reading arbitrary process memory

 

lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as "Won't Fix".

** Changed in: python2.6 (Ubuntu Lucid)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1333396

Title:
  JSON module: reading arbitrary process memory

Status in Python:
  Fix Released
Status in python2.6 package in Ubuntu:
  Invalid
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python3.2 package in Ubuntu:
  Invalid
Status in python3.3 package in Ubuntu:
  Triaged
Status in python3.4 package in Ubuntu:
  Fix Released
Status in python2.6 source package in Lucid:
  Won't Fix
Status in python2.7 source package in Precise:
  Triaged
Status in python3.2 source package in Precise:
  Triaged
Status in python2.7 source package in Saucy:
  Won't Fix
Status in python3.3 source package in Saucy:
  Won't Fix
Status in python2.7 source package in Trusty:
  Triaged
Status in python3.4 source package in Trusty:
  Triaged
Status in python2.7 source package in Utopic:
  Fix Released
Status in python3.4 source package in Utopic:
  Fix Released
Status in python2.7 package in Debian:
  New

Bug description:
  As reported upstream, the JSON module of Python is vulnerable for
  reading arbitrary process memory. Please apply the patch as included
  in the upstream bug report: http://bugs.python.org/issue21529

  CVE-2014-4616 is assigned:
  https://security-tracker.debian.org/tracker/CVE-2014-4616

  Patch is applied upstream in 2.7.7, so this only applies to current
  Ubuntu releases.

To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1333396/+subscriptions