[oe] [PATCH] python: fix for Security Advisory - python - CVE-2012-2135
yzhu1
Yanjun.Zhu at windriver.com
Mon Nov 19 02:26:43 UTC 2012
On 11/16/2012 08:21 PM, Otavio Salvador wrote:
> On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu <yanjun.zhu at windriver.com>wrote:
>
>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>> aligned_end variable after calling the unicode_decode_call_errorhandler
>> function, which allows remote attackers to obtain sensitive information
>> (process memory) or cause a denial of service (memory corruption and crash)
>> via unspecified vectors.
>>
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>>
>> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
>>
> I think this needs to be backported to previous releases, right?
Hi, Otavio
OK. I will do it.
Thanks a lot.
Zhu Yanjun
More information about the Openembedded-devel
mailing list