On 01/05/2018 07:37 PM, Ovidiu Panait wrote:
> CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).
What about python 3.x that this patch also touches?
> Upstream patches:
> https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
> https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9
>
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2017-1000158
Can you update the recipes to 2.7.14 and 3.5.4 instead please?

Alex
