[OE-core] [PATCH 0/1] python: Fix CVE-2014-7185
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Wed Nov 12 08:25:47 UTC 2014
From: Wenzong Fan <wenzong.fan at windriver.com>
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
This back-ported patch fixes CVE-2014-7185
The following changes since commit 3c741a8d33acbf4b3d5eecc04533bc76e2f37253:
oprofile: 0.9.9 -> 1.0.0 (2014-11-09 10:21:24 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/cve-python
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/cve-python
Wenzong Fan (1):
python: Fix CVE-2014-7185
.../python/python/python-2.7.3-CVE-2014-7185.patch | 75 ++++++++++++++++++++
meta/recipes-devtools/python/python_2.7.3.bb | 1 +
2 files changed, 76 insertions(+)
create mode 100644 meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch
--
1.7.9.5
More information about the Openembedded-core
mailing list