[oe] [PATCH] python: fix for Security Advisory - python - CVE-2012-2135

Otavio Salvador otavio at ossystems.com.br
Mon Nov 19 10:21:36 UTC 2012


On Mon, Nov 19, 2012 at 12:36 AM, yzhu1 <Yanjun.Zhu at windriver.com> wrote:

> On 11/19/2012 10:26 AM, yzhu1 wrote:
>
>> On 11/16/2012 08:21 PM, Otavio Salvador wrote:
>>
>>> On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu <yanjun.zhu at windriver.com>
>>> wrote:
>>>
>>>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>>>> aligned_end variable after calling the unicode_decode_call_errorhandler
>>>> function, which allows remote attackers to obtain sensitive information
>>>> (process memory) or cause a denial of service (memory corruption and
>>>> crash) via unspecified vectors.
>>>>
>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>>>>
>>>> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
>>>>
>>> I think this needs to be backported to previous releases, right?
>>>
>> Hi, Otavio
>>
>> OK. I will do it.
>>
>> Thanks a lot.
>> Zhu Yanjun
>>
>>
> Hi, Otavio
>
> Sorry. I do not know what the previous releases are. Do you mean the denzil
> branch or others?
> Would you like to make it clear?


Yes, I meant denzil and danny (both released and maintained for now).

-- 
Otavio Salvador                             O.S. Systems
E-mail: otavio at ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br


