[OE-core] [PATCH 1/1] Python: Fix for CVE-2012-2135

yzhu1 Yanjun.Zhu at windriver.com
Fri Dec 7 01:45:46 UTC 2012


On 12/06/2012 09:01 PM, Burton, Ross wrote:
> On 30 November 2012 04:30, yanjun.zhu <yanjun.zhu at windriver.com> wrote:
>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>> aligned_end variable after calling the unicode_decode_call_errorhandler
>> function, which allows remote attackers to obtain sensitive information
>> (process memory) or cause a denial of service (memory corruption and crash)
>> via unspecified vectors.
> The source for the vulnerability says Python 3.1 to 3.3, but you're
> patching 2.7.  Is the source not considering the Python 2 releases, or
> is 2.7 safe from the exploit?
>
> Ross
I exploit it in Python 2.7. This CVE will affect Python 2.7.



