[oe] [PATCH] python: fix for Security Advisory - python - CVE-2012-2135
Paul Eggleton
paul.eggleton at linux.intel.com
Thu Nov 29 14:07:33 UTC 2012
On Friday 16 November 2012 16:53:42 yanjun.zhu wrote:
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>
> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
> ---
> .../python/python/python-2.7.2-CVE-2012-2135.patch | 12 ++++++++++++
> recipes-devtools/python/python_2.7.2.bbappend | 1 +
> 2 files changed, 13 insertions(+), 0 deletions(-)
> create mode 100644
> recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
This patch is also against OE-Core, could you send this to the OE-Core list as
well?
Thanks,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
More information about the Openembedded-devel
mailing list