This is an old problem.
http://www.python.org/files/news/security/PSF-2006-001/PSF-2006-001.txt
The flaw only manifests itself in Python builds configured to support
UCS-4 Unicode strings (using the --enable-unicode=ucs4 configure flag).
This is still not the default, which is why the vulnerability should not
be present in most Python builds out there, especially not the builds
for the Windows or Mac OS X platform provided by www.python.org.
You can find out whether you are running a UCS-4 enabled build by
looking at the sys.maxunicode attribute: it is 65535 in a UCS-2 build
and 1114111 in a UCS-4 build.

On Fri, 2008-15-08 at 09:51 -0500, David E. Sallis wrote:
> Recently a multiple buffer overflow vulnerability advisory was posted for all
> versions of Python except 2.5.2-r6 and 2.4.4-r14 (see
> http://www.securityfocus.com/bid/30491).
>
> Is Stackless being patched to address these vulnerabilities? I'm currently
> using Stackless 2.4.3 but could probably upgrade to
> 2.5.2. Which gives rise to another question: is Stackless 2.5.2 vulnerable?
>
> Many thanks.
--
--gh
_______________________________________________
Stackless mailing list
[email protected]
http://www.stackless.com/mailman/listinfo/stackless