Bug 835496 (CVE-2012-2639)
| Summary: | CVE-2012-2639 python (SimpleHTTPServer): XSS attacks against Internet Explorer 7 via UTF-7 encoding | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | amcnabb, bkabrda, derks, dmalcolm, ivazqueznet, jeffrey.ness, jonathansteffan, katzj, tomspur |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-06-26 12:35:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 835499 | | |

Description
Jan Lieskovsky
2012-06-26 11:06:11 UTC
This issue did NOT affect the version of the python package, as shipped with Red Hat Enterprise Linux 5.

--

This issue did NOT affect the version of the python package, as shipped with Red Hat Enterprise Linux 6.

--

This issue did NOT affect the versions of the python package, as shipped with Fedora release of 16 and 17.

This issue did NOT affect the version of the python26 package, as shipped with Fedora EPEL 5.

This issue did NOT affect the versions of the python3 package, as shipped with Fedora release of 16 and 17.

This is a duplicate of CVE-2011-4940, described in bug #803500 and seems to be addressed already:
https://rhn.redhat.com/errata/RHSA-2012-0744.html

(I cannot access the possible rhel6 security bug, which this depends on.)

(In reply to comment #2)
> This is a duplicate of CVE-2011-4940, described in bug #803500

Thanks Thomas, you are right (I have had an impression I have seen this somewhere already). Will request CVE-2012-2639 id rejection then.

> and seems to
> be addressed already:
> https://rhn.redhat.com/errata/RHSA-2012-0744.html
>
> (I cannot access the possible rhel6 security bug, which this depends on.)

And due to the corrected RHEL-6 packages, you were correct too. I have checked python-2.6.5-3.el6_0.2 before, which doesn't contain the fix yet, but obviously those from RHSA-2012-0744 (python-2.6.6-29.el6_2.2) contain it already.

*** This bug has been marked as a duplicate of bug 803500 ***