On 11/29/2012 10:07 PM, Paul Eggleton wrote:
On Friday 16 November 2012 16:53:42 yanjun.zhu wrote:
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
Signed-off-by: yanjun.zhu <[email protected]>
---
.../python/python/python-2.7.2-CVE-2012-2135.patch | 12 ++++++++++++
recipes-devtools/python/python_2.7.2.bbappend | 1 +
2 files changed, 13 insertions(+), 0 deletions(-)
create mode 100644
recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
This patch is also against OE-Core, could you send this to the OE-Core list as
well?
OK. I will follow your advice.
Thanks a lot.
Zhu Yanjun
Thanks,
Paul
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
