Re: [Fwd: [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution]
Michal Jaegermann wrote:
> On Sun, Sep 25, 2005 at 02:51:57PM -0400, Jim Popovitch wrote:
> > Michal, I am confused about all your comments on this thread.
>
> You raised a possibility that PCRE bugs affect also various Python packages. Quite timely alert, I would say, and from all what we know by now you were right. After that we got some followups on the topic and some which left me somewhat baffled.
>
> > Now today I see that you already opened a bug back on 16-Sept
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168516
>
> Indeed I wrote that. But this is about bugs in 'pcre' package itself. Fixing that does not seem to help 'python<whatever>' as that appears to re-cycle that code with security bugs directly and not using 'pcre' as a library. Even if that would be used as a statically linked library then all affected packages would need to be at least recompiled (but most likely they need direct patches). So the report you quote is not sufficient as bugzilla entries are for a package and not for a bug with a list of all possible packages where this may apply. Therefore we need a corresponding entry in bugzilla. If you cannot and/or do not want to do that then say so and somebody else will have to write something up.

OK, I have opened 169235 as "python2.2 integer overflow" (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169235)

Please, please double check what I did. As I've mentioned before I am not all that up to speed wrt Bugzilla best practices.

Thank you Michal for your help/explanations so far.

-Jim P.

--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list