CVE-2008-2315

NameCVE-2008-2315
DescriptionMultiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1667-1, DTSA-157-1
NVD severityhigh (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python2.5 (PTS)squeeze2.5.5-11fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python2.4source(unstable)2.4.5-5high
python2.4sourceetch2.4.4-3+etch2highDSA-1667-1
python2.5source(unstable)2.5.2-10high
python2.5sourcelenny2.5.2-6+lenny1highDTSA-157-1

Notes

[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)

Search for package or bug name: Reporting problems