[OE-core] [PATCH] python: Fix CVE-2017-1000158

Alexander Kanavin alexander.kanavin at linux.intel.com
Fri Jan 5 18:21:01 UTC 2018


On 01/05/2018 07:37 PM, Ovidiu Panait wrote:
> CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in
> the PyString_DecodeEscape function in stringobject.c, resulting in
> heap-based buffer overflow (and possible arbitrary code execution).

What about python 3.x that this patch also touches?

> Upstream patches:
> https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
> https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9
> 
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2017-1000158

Can you update the recipes to 2.7.14 and 3.5.4 instead please?

Alex
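The quoted commit message describes the bug class only in one sentence: an output-size computation that can wrap, so the heap buffer allocated from it is smaller than what the decoder later writes. As an added illustration (not code from the patch, from CPython, or from the OE-core recipe), the following C snippet shows the unchecked size arithmetic beside a checked version, using a constructed worst-case expansion factor of 4 (one input byte becoming a four-character `\xHH` escape); the function names, the factor and the sample input are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed growth factor: every input byte may expand to at most four
 * output bytes (e.g. a \xHH escape). Not the real decoder's value. */
#define EXPANSION ((size_t)4)

/* Unchecked size computation. For len > SIZE_MAX / EXPANSION the
 * multiplication wraps modulo 2^N and yields a small number, so an
 * allocation based on it is too short for the output actually written. */
static size_t output_size_unchecked(size_t len) {
    return len * EXPANSION;
}

/* Hardened variant: reject any length whose expanded size cannot be
 * represented. Returns false on overflow and leaves *out untouched. */
static bool output_size_checked(size_t len, size_t *out) {
    if (len > SIZE_MAX / EXPANSION)
        return false;
    *out = len * EXPANSION;
    return true;
}

/* Hypothetical expansion routine built on the checked computation: bytes
 * >= 0x80 are written as \xHH, everything else is copied. Returns false on
 * overflow or allocation failure; on success the caller frees *out. */
static bool expand_high_bytes(const unsigned char *in, size_t len,
                              char **out, size_t *outlen) {
    static const char hex[] = "0123456789abcdef";
    size_t cap;
    if (!output_size_checked(len, &cap))
        return false;
    /* cap <= (SIZE_MAX / 4) * 4 <= SIZE_MAX - 3, so cap + 1 cannot wrap. */
    char *buf = malloc(cap + 1);
    if (!buf)
        return false;
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (in[i] >= 0x80) {
            buf[n++] = '\\';
            buf[n++] = 'x';
            buf[n++] = hex[in[i] >> 4];
            buf[n++] = hex[in[i] & 0x0f];
        } else {
            buf[n++] = (char)in[i];
        }
    }
    buf[n] = '\0';
    *out = buf;
    *outlen = n;
    return true;
}

int main(void) {
    /* Constructed sample input: one ASCII byte, one high byte, one ASCII byte. */
    const unsigned char sample[] = { 'a', 0x80, 'b' };
    char *out;
    size_t n;
    if (expand_high_bytes(sample, sizeof sample, &out, &n)) {
        printf("expanded %zu -> %zu bytes: %s\n", sizeof sample, n, out);
        free(out);
    }
    size_t huge = SIZE_MAX / EXPANSION + 1;
    printf("unchecked size for huge input: %zu (wrapped)\n",
           output_size_unchecked(huge));
    printf("checked size accepts huge input: %s\n",
           output_size_checked(huge, &n) ? "yes" : "no");
    return 0;
}
```

The check is deliberately placed before the multiplication rather than after it: once the product has wrapped there is no reliable way to detect it from the result alone, which is why an input-length bound against `SIZE_MAX / factor` (or the signed equivalent) is the usual shape of such a fix.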


