for collaborative work. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-5249
David Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack.
CVE-2008-5250
David Remahl discovered that mediawiki1.7, when Internet Explorer is used and
uploads are enabled, or an SVG scripting browser is used and SVG uploads are
Description
===========
Multiple vulnerabilities were discovered in Python:
* David Remahl of Apple Product Security reported several integer
overflows in core modules such as stringobject, unicodeobject,
bufferobject, longobject, tupleobject, stropmodule, gcmodule,
mmapmodule (CVE-2008-2315).
* David Remahl of Apple Product Security also reported an integer
2.5.3 allowed context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via crafted images that
trigger heap-based buffer overflows (CVE-2008-1679). This was due
to an incomplete fix for CVE-2007-4965.
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315).
Justin Ferguson reported multiple buffer overflows in Unicode string
processing that affected 32-bit systems (CVE-2008-3142).
Description
===========
Multiple vulnerabilities were discovered in Python:
* David Remahl reported multiple integer overflows in the file
imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).
This issue is due to an incomplete fix for CVE-2007-4965.
* Justin Ferguson discovered that an integer signedness error in the
zlib extension module might trigger insufficient memory allocation
2.5.3 allowed context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via crafted images that
trigger heap-based buffer overflows (CVE-2008-1679). This was due
to an incomplete fix for CVE-2007-4965.
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315). He also
reported an integer overflow in the hashlib module on Python 2.5 that
led to unreliable cryptographic digest results (CVE-2008-2316).
Justin Ferguson reported multiple buffer overflows in Unicode string
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-2315
David Remahl discovered several integer overflows in the
stringobject, unicodeobject, bufferobject, longobject,
tupleobject, stropmodule, gcmodule, and mmapmodule modules.
CVE-2008-3142