On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu <[email protected]>wrote:
> The utf-16 decoder in Python 3.1 through 3.3 does not update the > aligned_end variable after calling the unicode_decode_call_errorhandler > function, which allows remote attackers to obtain sensitive information > (process memory) or cause a denial of service (memory corruption and crash) > via unspecified vectors. > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135 > > Signed-off-by: yanjun.zhu <[email protected]> > I think this needs to be backported to previous releases, right? -- Otavio Salvador O.S. Systems E-mail: [email protected] http://www.ossystems.com.br Mobile: +55 53 9981-7854 http://projetos.ossystems.com.br _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
