[FWTools] FWTools 2.2.6 Windows 32 bit, Python 2.3.4

Greg_Barrett at ak.blm.gov Greg_Barrett at ak.blm.gov
Wed Oct 29 21:01:26 EDT 2008 

We do process external data. The advisory states "the vulnerability should
not be present in most Python builds out there, especially not the builds
for the Windows or Mac OS X platform provided by www.python.org."  except
for "... Python builds configured to support UCS-4 Unicode strings (using
the --enable-unicode=ucs4 configure flag). This is still not the default"

I guess I should have originally asked: Is the python build shipped with
FWTools 2.2.6 configured to support UCS-4 Unicode strings?

Thanks,
-Greg
__________________________________________
Greg Barrett, Statewide GIS Coordinator
USDOI Bureau of Land Management
Alaska State Office, Division of Geographic Sciences
222 W. 7th Ave., #13, Anchorage, AK 99513
Phone:   907 271-3360
Fax         907 271-3118
gbarrett at blm.gov




                                                                           
             Frank Warmerdam                                               
             <warmerdam at pobox.                                             
             com>                                                       To 
                                       Greg_Barrett at ak.blm.gov             
             10/29/2008 03:32                                           cc 
             PM                        fwtools at lists.maptools.org          
                                                                   Subject 
                                       Re: [FWTools] FWTools 2.2.6 Windows 
                                       32 bit, Python 2.3.4                
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Greg_Barrett at ak.blm.gov wrote:
> Is FWTools 2.2.6 affected by the following buffer overrun vulnerability
in
> python build 2.3.4? Details here:
> http://www.python.org/news/security/PSF-2006-001/
>  I'm trying to get the current FWTools build through our software
approval
> process and this has been flagged as an potential issue.

Greg,

Well, if it is python 2.3.4 in FWTools then the security advisory seems
to indicate it is an issue.  But it should only have an impact if
externally supplied UCS-4 strings are passed through repr().  Do you
use Python scripts to process externally supplied data?

Best regards,
--
---------------------------------------+--------------------------------------

I set the clouds in motion - turn up   | Frank Warmerdam,
warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Programmer for Rent

More information about the FWTools mailing list