FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362708
Date:      2014-07-23
Time:      16:51:38Z
Committer: zi

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
0dccaa28-7f3c-11dd-8de5-0030843d3802  python -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.

An integer overflow in the hashlib module can lead to unreliable cryptographic digest results.

Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.

An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function.

An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.


Discovery 2008-08-04
Entry 2008-09-10
python24 lt 2.4.5_2
python25 lt 2.5.2_3
python23 gt 0
CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3144
http://bugs.python.org/issue2620
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
http://secunia.com/advisories/31305
http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
http://mail.python.org/pipermail/python-checkins/2008-June/070481.html
b4f8be9e-56b2-11e1-9fb7-003067b2972c  Python -- DoS via malformed XML-RPC / HTTP POST request

Jan Lieskovsky reports:

A denial of service flaw was found in the way the Simple XML-RPC Server module of Python processed client connections that were closed before the complete request body had been received. A remote attacker could use this flaw to cause a Python Simple XML-RPC based server process to consume an excessive amount of CPU.


Discovery 2012-02-13
Entry 2012-02-14
Modified 2012-02-26
python32 le 3.2.2_2
python31 le 3.1.4_2
python27 le 2.7.2_3
python26 le 2.6.7_2
python25 le 2.5.6_2
python24 le 2.4.5_8
pypy le 1.7
CVE-2012-0845
http://bugs.python.org/issue14001
https://bugzilla.redhat.com/show_bug.cgi?id=789790
https://bugs.pypy.org/issue1047
ec41c3e2-129c-11dd-bab7-0016179b2dd5  python -- Integer Signedness Error in zlib Module

Justin Ferguson reports:

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.


Discovery 2008-04-10
Entry 2008-04-25
Modified 2008-04-28
python23 lt 2.3.6_1
python24 lt 2.4.5_1
python25 lt 2.5.2_2
CVE-2008-1721
28715
http://securityreason.com/securityalert/3802
http://bugs.python.org/issue2586