[OE-core] [PATCH 1/1] Python: Fix for CVE-2012-2135
Burton, Ross
ross.burton at intel.com
Thu Dec 6 13:01:38 UTC 2012
On 30 November 2012 04:30, yanjun.zhu <yanjun.zhu at windriver.com> wrote:
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.
The source for the vulnurability says Python 3.1 to 3.3, but you're
patching 2.7. Is the source not considering the Python 2 releases, or
is 2.7 safe from the exploit?
Ross
More information about the Openembedded-core
mailing list