[oe] [PATCH] python: fix for Security Advisory - python - CVE-2012-2135
yzhu1
Yanjun.Zhu at windriver.com
Fri Nov 30 02:49:55 UTC 2012
On 11/29/2012 10:07 PM, Paul Eggleton wrote:
> On Friday 16 November 2012 16:53:42 yanjun.zhu wrote:
>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>> aligned_end variable after calling the unicode_decode_call_errorhandler
>> function, which allows remote attackers to obtain sensitive information
>> (process memory) or cause a denial of service (memory corruption and crash)
>> via unspecified vectors.
>>
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>>
>> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
>> ---
>> .../python/python/python-2.7.2-CVE-2012-2135.patch | 12 ++++++++++++
>> recipes-devtools/python/python_2.7.2.bbappend | 1 +
>> 2 files changed, 13 insertions(+), 0 deletions(-)
>> create mode 100644
>> recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
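Review bot: The commit message quotes the CVE text for "Python 3.1 through 3.3", but the diffstat shows the fix going into python-2.7.2-CVE-2012-2135.patch and python_2.7.2.bbappend. Please add a sentence to the commit message saying why the 2.7.2 utf-16 decoder needs this change, and where the patch comes from, so the applicability to this recipe can be checked.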
> This patch is also against OE-Core, could you send this to the OE-Core list as
> well?
OK. I will follow your advice.
Thanks a lot.
Zhu Yanjun
> Thanks,
> Paul
>