On 12/06/2012 09:01 PM, Burton, Ross wrote:
On 30 November 2012 04:30, yanjun.zhu <yanjun....@windriver.com> wrote:
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
The source for the vulnurability says Python 3.1 to 3.3, but you're
patching 2.7. Is the source not considering the Python 2 releases, or
is 2.7 safe from the exploit?
Ross
I exploit it in Python 2.7. This CVE will affect Python2.7.
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
