Changes by Arfrever Frehtes Taifersar Arahesis <arfrever@gmail.com>:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24552
___
New submission from Benjamin Peterson:
From Kurucsai Istvan on the security list:
I. Summary
There is a use-after-free in the load_newobj_ex function in _pickle.c that
results in an arbitrary read.
II. Source code
The functions in question:
static int
load_newobj_ex(UnpicklerObject *self)
Roundup Robot added the comment:
New changeset 24ce32d76376 by Benjamin Peterson in branch '3.4':
fix use after free (closes #24552)
https://hg.python.org/cpython/rev/24ce32d76376
New changeset 24197b5f7126 by Benjamin Peterson in branch '3.5':
merge 3.4 (#24552)
Roundup Robot added the comment:
New changeset 978bc1ff43a7 by Benjamin Peterson in branch '3.4':
use correct __new__ method (closes #24552)
https://hg.python.org/cpython/rev/978bc1ff43a7
--
resolution:  -> fixed
status: open -> closed
___
Python
STINNER Victor added the comment:
Buildbots are not happy. Example:
http://buildbot.python.org/all/builders/AMD64%20FreeBSD%2010.0%203.5/builds/57/steps/test/logs/stdio
==
ERROR: test_newobj_not_class