[oe] [PATCH] python: fix for Security Advisory - python - CVE-2012-2135

yzhu1 Yanjun.Zhu at windriver.com
Mon Nov 19 02:36:51 UTC 2012


On 11/19/2012 10:26 AM, yzhu1 wrote:
> On 11/16/2012 08:21 PM, Otavio Salvador wrote:
>> On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu
>> <yanjun.zhu at windriver.com> wrote:
>>
>>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>>> aligned_end variable after calling the unicode_decode_call_errorhandler
>>> function, which allows remote attackers to obtain sensitive information
>>> (process memory) or cause a denial of service (memory corruption and crash)
>>> via unspecified vectors.
>>>
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>>>
>>> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
>>>
>> I think this needs to be backported to previous releases, right?
> Hi, Otavio
>
> OK. I will do it.
>
> Thanks a lot.
> Zhu Yanjun
>
>
Hi, Otavio

Sorry. I do not know what the previous releases are. Do you mean the denzil
branch or others?
Would you like to make it clear?

Thanks a lot.
Zhu Yanjun