Ok, I completed my list to get almost all of the 30 known CVEs. Right
now, my list has 40 vulnerabilities.

Remaining issues: cookielib and rgbimg/imageop.

cookielib
https://hackerone.com/reports/26647
https://bugs.python.org/issue25228
http://bugs.python.org/issue22796

rgbimg, imageop: CVE-2009-4134, CVE-2010-3493, CVE-2010-1449

- name: "CVE-2010-1450"
  summary: >
    rgbimg and imageop buffer overflows
  links:
    - http://bugs.python.org/issue8678
    - https://bugzilla.redhat.com/show_bug.cgi?id=541698
  disclosure: "2009-11-26 (Red Hat bz#541698 reported)"
  cvss-score: "7.5"
  # imageop module was removed in Python 3
  ignore-python3: true
  fixed-in:
   - 93ebfb154456daa841aa223bd296422787b3074c # 2.6
  description: >
     Multiple buffer overflows in the RLE decoder in the rgbimg module in
     Python 2.5 allow remote attackers to have an unspecified impact via an
     image file containing crafted data that triggers improper processing
     within the (1) longimagedata or (2) expandrow function.

     Reported by Marc Schoenefeld.

Victor
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
