Debian Security Advisory
DSA-2880-1 python2.7 -- security update
- Date Reported:
- 17 Mar 2014
- Affected Packages:
- python2.7
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-4238, CVE-2014-1912.
- More information:
-
Multiple security issues were discovered in Python:
- CVE-2013-4238
Ryan Sleevi discovered that NULL characters in the subject alternate names of SSL cerficates were parsed incorrectly.
- CVE-2014-1912
Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into() function.
For the stable distribution (wheezy), these problems have been fixed in version 2.7.3-6+deb7u2.
For the unstable distribution (sid), these problems have been fixed in version 2.7.6-7.
We recommend that you upgrade your python2.7 packages.
- CVE-2013-4238