Hi, 2014-02-25 8:39 GMT+01:00 Christian Heimes <[email protected]>: > this looks pretty serious -- and it caught me off guard, too. :( > https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
I don't think that the issue is critical. Extract of the article "Diving into SocketServer() luckily socket.recvfrom_into() isn’t even used". In fact, I didn't find any usage of the method except of unit test. Do you know which applications are vulnerable? Victor _______________________________________________ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
