[oe] [PATCH] python: fix for Security Advisory - python - CVE-2012-2135

Otavio Salvador otavio at ossystems.com.br
Fri Nov 16 12:21:42 UTC 2012


On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu <yanjun.zhu at windriver.com> wrote:

> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>
> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
>

I think this needs to be backported to previous releases, right?

-- 
Otavio Salvador                             O.S. Systems
E-mail: otavio at ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br



More information about the Openembedded-devel mailing list