On 30 November 2012 04:30, yanjun.zhu <[email protected]> wrote:
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.

The source for the vulnurability says Python 3.1 to 3.3, but you're
patching 2.7.  Is the source not considering the Python 2 releases, or
is 2.7 safe from the exploit?

Ross

_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Reply via email to