Hi,

this looks pretty serious -- and it caught me off guard, too. :(

https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/

Next time please inform the Python Security Response Team about any and all issues that are related to buffer overflows or similar bugs. In fact please drop a note about anything that even remotely looks like an exploitable issue. Even public bug reports should be forwarded to PSRT.

I have requested a CVE number.

How about security releases? The upcoming 3.3 and 3.4 releases should contain the fix (not verified yet). Python 2.7 to 3.2 will need a security release, though.

Regards
Christian

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev