[OE-core] [PATCH 1/1] Python: Fix for CVE-2012-2135
Burton, Ross
ross.burton at intel.com
Mon Mar 4 10:46:14 UTC 2013
On 4 March 2013 04:35, yanjun.zhu <yanjun.zhu at windriver.com> wrote:
> From: "yanjun.zhu" <yanjun.zhu at windriver.com>
>
> Reference:http://bugs.python.org/issue14579
>
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.
You really should reword this commit message so that it doesn't appear
to be inappropriate - this bug does apply to 2.7 but it's not a
security issue.
Ross
More information about the Openembedded-core
mailing list