AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0
python-2: multiple vulnerabilities #1399

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

CVE IDs (if any)

CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2018-1000802

Other security advisory IDs (if any)

DSA-4306-1

Patches (if any)

Debian patches.

PoC(s) (if any)

N/A

Additional descriptions (if applicable)

Package: python2.7
CVE ID: CVE-2018-14647, CVE-2018-1000802

Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

MingcongBai commented 6 years ago

CVE-2018-1060 and CVE-2018-1061 do not affect 2.7.15.

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/24033ce3fa1d459f70e9a35a815d96f91b37ffcc. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0419.