[Secure-testing-team] Bug#872407: python-numpy: CVE-2017-12852
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 17 07:06:32 UTC 2017
Source: python-numpy
Version: 1:1.12.1-3
Severity: normal
Tags: upstream security
Hi,
the following vulnerability was published for python-numpy. It's
fairly minor, and could just lead to a denial of service. Still
filling the bug for tracking purposes.
CVE-2017-12852[0]:
| The numpy.pad function in Numpy 1.13.1 and older versions is missing
| input validation. An empty list or ndarray will stick into an infinite
| loop, which can allow attackers to cause a DoS attack.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12852
[1] https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list