Bug 426368

Summary: CVE-2004-2680 mod_python arbitrary data disclosure flaw
Product: Red Hat Enterprise Linux 4 Reporter: Martin Poole <mpoole>
Component: mod_pythonAssignee: Joe Orton <jorton>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: bressers, jkachuck, jwest, lsmid, mpoole, sghosh, syeghiay, tao
Target Milestone: rcKeywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,reported=20070302,source=vendorsec,public=20040416
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-01 18:42:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 231065    
Bug Blocks: 485811    

Comment 11 IBM Bug Proxy 2011-03-26 12:58:35 UTC 
------- Comment From clnperez.com 2011-01-31 15:05 EDT-------
Did this make it into 4.9?

------- Comment From lnx1138.ibm.com 2011-02-17 17:27 EDT-------
Since I don't see an updated mod_python package on RHN in the RHEL 4 beta channel, I don't expect this made 4.9 after all. The original submitter seems to have left IBM somewhere along the four years this bug was around though I am sure we can probably find someone else to verify the fix if there is one. For the moment, I am closing this as WILL_NOT_FIX. Thanks.
Comment 12 Joseph Kachuck 2011-03-28 14:33:44 UTC 
Hello,
This is currently in accepted state for RHEL 4.9.

Thank You
Joe Kachuck
Comment 13 Ludek Smid 2011-03-28 15:08:46 UTC 
(In reply to comment #12)
> This is currently in accepted state for RHEL 4.9.
This bug is *proposed* for RHEL 4.9 at this moment.

RHEL 4.9 is in Production III Phase now, see https://access.redhat.com/support/policy/updates/errata/

According to definition, this bug does not qualify for acceptance criteria (see url above) and is unlikely to be fixed.
Comment 14 Josh Bressers 2011-08-01 18:42:13 UTC 
I'm going to WONTFIX this bug. It's not worth fixing anymore.