touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #84887
[Bug 1333396] Re: JSON module: reading arbitrary process memory
lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as "Won't Fix".
** Changed in: python2.6 (Ubuntu Lucid)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1333396
Title:
JSON module: reading arbitrary process memory
Status in Python:
Fix Released
Status in python2.6 package in Ubuntu:
Invalid
Status in python2.7 package in Ubuntu:
Fix Released
Status in python3.2 package in Ubuntu:
Invalid
Status in python3.3 package in Ubuntu:
Triaged
Status in python3.4 package in Ubuntu:
Fix Released
Status in python2.6 source package in Lucid:
Won't Fix
Status in python2.7 source package in Precise:
Triaged
Status in python3.2 source package in Precise:
Triaged
Status in python2.7 source package in Saucy:
Won't Fix
Status in python3.3 source package in Saucy:
Won't Fix
Status in python2.7 source package in Trusty:
Triaged
Status in python3.4 source package in Trusty:
Triaged
Status in python2.7 source package in Utopic:
Fix Released
Status in python3.4 source package in Utopic:
Fix Released
Status in python2.7 package in Debian:
New
Bug description:
As reported upstream, the JSON module of Python is vulnerable for
reading arbitrary process memory. Please apply the patch as included
in the upstream bug report: http://bugs.python.org/issue21529
CVE-2014-4616 is assigned:
https://security-tracker.debian.org/tracker/CVE-2014-4616
Patch is applied upstream in 2.7.7, so this only applies to current
Ubuntu releases.
To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1333396/+subscriptions
