CVE 2013-1752
** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions.
Related bugs and status
CVE-2013-1752 (Candidate) is related to these bugs:
Bug #1351180: Python security issue #16039, #16041 and #16042 looks not be fixed on Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due to unlimited readline() from connection)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1351180 | Python security issue #16039, #16041 and #16042 looks not be fixed on Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due to unlimited readline() from connection) | python2.7 (Ubuntu) | Low | Fix Released
1351180 | Python security issue #16039, #16041 and #16042 looks not be fixed on Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due to unlimited readline() from connection) | python2.7 (Ubuntu Trusty) | Low | Triaged
Bug #1808476: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants
Bug | Summary | In | Importance | Status
---|---|---|---|---
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu) | Undecided | Fix Released
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Disco) | Undecided | Fix Released
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Cosmic) | Undecided | Fix Released
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Bionic) | Undecided | Fix Released
Bug #1811531: remote execution vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released
1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released
1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released
Bug #1822993: SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8
Bug #1855133: SRU: update python2.7 to the 2.7.17 release
Bug | Summary | In | Importance | Status
---|---|---|---|---
1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu Bionic) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu Bionic) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu Eoan) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu Eoan) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.