Picard / PICARD-547

Shipped Python27.dll has multiple known CVE Vulns


    • Bug
    • Resolution: Fixed
    • Normal
    • 1.3
    • 1.2
    • None
    • None
    • Windows 7

      Hi,

      The currently shipped python27.dll under C:\Program Files(x86)\MusicBrainz Picard\python27.dll in Picard version 1.2 has the version number 2.7.3150.1013.

      This version has two known vulnerabilities:
      CVE-2013-1752: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
      CVE-2013-4238: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238

      According to this Advisory:

      https://secunia.com/advisories/56234

      this results in possible spoofing or DoS attacks.

      This can easily be fixed by updating to Python version 2.7.6.

      I searched the issue list but did not find anything regarding this
      security issue.
      I also do not know which component exactly uses the dll, as I'm not
      familiar with the Picard code yet.

            lukas Lukáš Lalinský
            sven sven

                Version Package
                1.3
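
The file version quoted in the report (2.7.3150.1013) encodes the bundled interpreter's release. The following is an added example, not part of the original issue or of Picard's code, that decodes such a version string and checks it against the release the report names as the fix (2.7.6). It assumes the field layout CPython uses in PC/python_nt.rc; the function names are hypothetical.

```python
import re

# Assumption: CPython's PC/python_nt.rc sets the third file-version field to
#   micro*1000 + release_level*10 + serial
# with release_level 10 (alpha), 11 (beta), 12 (candidate) or 15 (final),
# and the fourth field to the C API version.
LEVELS = {10: "alpha", 11: "beta", 12: "candidate", 15: "final"}

# Release named in the report as the fix, as (major, minor, micro, level, serial).
FIXED_RELEASE = (2, 7, 6, 15, 0)


def decode_dll_version(file_version):
    """Decode a pythonXY.dll file version such as '2.7.3150.1013'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", file_version.strip())
    if not m:
        raise ValueError("not a four-part file version: %r" % file_version)
    major, minor, field3, api = (int(g) for g in m.groups())
    micro, rest = divmod(field3, 1000)
    level, serial = divmod(rest, 10)
    if level not in LEVELS:
        raise ValueError("unknown release level %d in %r" % (level, file_version))
    return {
        "release": (major, minor, micro),
        "level": LEVELS[level],
        "serial": serial,
        "api": api,
        "sort_key": (major, minor, micro, level, serial),
    }


def needs_update(file_version, fixed=FIXED_RELEASE):
    """True if the DLL is older than the fixed release (pre-releases count as older)."""
    info = decode_dll_version(file_version)
    if info["release"][:2] != fixed[:2]:
        raise ValueError("different release series: %r" % (info["release"],))
    return info["sort_key"] < fixed


if __name__ == "__main__":
    # Version string taken from the report; the others are constructed samples.
    for v in ("2.7.3150.1013", "2.7.6122.1013", "2.7.6150.1013"):
        d = decode_dll_version(v)
        print(v, d["release"], d["level"], "outdated" if needs_update(v) else "ok")
```

On Windows the version string can be read from the file's Details tab or with PowerShell's `(Get-Item <path>).VersionInfo.FileVersion`.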