quetz-mod_python-dev mailing list archives

From "Graham Dumpleton" <graham.dumple...@gmail.com>
Subject Ubuntu mod_python security notice.
Date Wed, 07 Mar 2007 02:04:09 GMT
Just saw this:

  http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2007-03/msg00076.html
  http://www.securityfocus.com/archive/1/462050

  ===========================================================
  Ubuntu Security Notice USN-430-1 March 06, 2007
  libapache2-mod-python vulnerability
  CVE-2004-2680
  ===========================================================

  Miles Egan discovered that mod_python, when used in output filter mode,
  did not handle output larger than 16384 bytes, and would display freed
  memory, possibly disclosing private data. Thanks to Jim Garrison of the
  Software Freedom Law Center for identifying the original bug as a
  security vulnerability.

Would have been nice if they had bothered to actually tell someone
involved with mod_python about it in case the problem still affects
the current version of mod_python. Now we have to work out if it is
relevant to newer versions or not.

This is something new, isn't it???

Graham
