On 11/16/2012 08:21 PM, Otavio Salvador wrote:
On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu <[email protected]>wrote:
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
Signed-off-by: yanjun.zhu <[email protected]>
I think this needs to be backported to previous releases, right?
Hi, Otavio
OK. I will do it.
Thanks a lot.
Zhu Yanjun
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
