On Mon, Nov 19, 2012 at 12:36 AM, yzhu1 <[email protected]> wrote:
> On 11/19/2012 10:26 AM, yzhu1 wrote: > >> On 11/16/2012 08:21 PM, Otavio Salvador wrote: >> >>> On Fri, Nov 16, 2012 at 6:53 AM, yanjun.zhu <[email protected]>** >>> wrote: >>> >>> The utf-16 decoder in Python 3.1 through 3.3 does not update the >>>> aligned_end variable after calling the unicode_decode_call_** >>>> errorhandler >>>> function, which allows remote attackers to obtain sensitive information >>>> (process memory) or cause a denial of service (memory corruption and >>>> crash) >>>> via unspecified vectors. >>>> >>>> http://web.nvd.nist.gov/view/**vuln/detail?vulnId=CVE-2012-**2135<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135> >>>> >>>> Signed-off-by: yanjun.zhu <[email protected]> >>>> >>>> I think this needs to be backported to previous releases, right? >>> >> Hi, Otavio >> >> OK. I will do it. >> >> Thanks a lot. >> Zhu Yanjun >> >> >> Hi, Otavio > > Sorry. I do not know what is the previous releases. Do you mean denzil > branch or others? > Would you like to make it clear? Yes, I meant denzil and danny (both released and maintained for now). -- Otavio Salvador O.S. Systems E-mail: [email protected] http://www.ossystems.com.br Mobile: +55 53 9981-7854 http://projetos.ossystems.com.br _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
