New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integer overflow in _hashopenssl.c (CVE-2008-2316) #48136
Comments
CVE-2008-2316 |
I'm ok with this patch. |
Fixed in r66496. |
Hmm. It's seems 3.0 will require a different patch. I can't get the |
http://bugs.python.org/issue3026 is about the same issue (with a working (btw. my patch also made the hash functions interruptible, this is |
As a security issue, the patch should also be backport to 2.5 (and 2.4 |
Sorry about missing your work, Ralf. In the rush to getting a fix in for And 2.5 has already been patched by r66497, so removing that as a |
hashlib doesn't exist in Python 2.4, so I'm not very worried about it. :) |
Python 2.4 uses an 'int' for ob_size so it does not appear at first |
Got 3.0 in r66615. Somebody should really test it, though. |
I'm going to close this because 2.5, 2.6, and 3.0 have been patched. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: