[Stackless] Stackless to address multiple buffer overflow vulnerability?
gwhulbert at eol.ca
Fri Aug 15 22:02:07 CEST 2008
On Fri, 2008-15-08 at 11:52 -0500, David E. Sallis wrote:
> Guy Hulbert said the following on 8/15/2008 11:36 AM:
> > This is an old problem.
> I must respectfully disagree. Did you read the bulletin I
Nope. I read the link you posted:
and I followed this:
The vendor has released fixes to address the issues. Please see
the references for more information.
The only reference to a fix I could find was on the downloads page:
Note: there's a security fix for Python 2.2, 2.3 and 2.4. Of the
releases below, only 2.4.4 and 2.5 and later include the fix.
> CVE-2008-2315, for one, was published in late July 2008. It
> states in part:
You did not reference this CVE although the link you posted does mention
it (with 4 other ones).
> This is *not* an old problem.
You seem to be correct here. The python pages seem to know nothing
about this one. Google brings up:
This CVE Identifier has "Candidate" status and must be reviewed
and accepted by the CVE Editorial Board before it can be updated
to official "Entry" status on the CVE List. It may be modified
or even rejected in the future.
Which has 3 links to gentoo. The first one is more informative than
anything else I've found so far:
More information about the Stackless