code.ossystems Code Review - openembedded-core.git/commit
python: Fix CVE-2014-1912
author: Maxin B. John <maxin.john@enea.com>
Mon, 7 Apr 2014 15:48:11 +0000 (17:48 +0200)
committer: Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 8 Apr 2014 16:51:04 +0000 (17:51 +0100)
commit: 344049ccfa59ae489c35fe0fb7592f7d34720b51
tree: dba8a2f3a231bd7019f0ca5aa41637382af03eeb
parent: 9d142a7f523f89cd65bef2cd6ce75e4f4500711b
python: Fix CVE-2014-1912

A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.

This back-ported patch fixes CVE-2014-1912

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch [new file with mode: 0644]
meta/recipes-devtools/python/python_2.7.3.bb
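
A check that can be run on a built image to confirm the interpreter carries the fix, given as an added example that is not part of this commit or of the recipe. It assumes the back-ported patch behaves like the upstream CPython fix, which raises ValueError when `nbytes` exceeds the buffer length; the patch file itself is not shown on this page, and the function name is hypothetical.

```python
import socket


def recvfrom_into_rejects_oversize(bufsize=8, nbytes=1024):
    """Return True if recvfrom_into() refuses nbytes > len(buffer).

    Assumption: a fixed interpreter validates the length before any I/O
    and raises ValueError. The socket is unbound, non-blocking UDP and
    nothing is ever sent to it, so no data is written into the buffer
    on either a fixed or an unfixed interpreter.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.setblocking(False)  # never wait for a datagram
        buf = bytearray(bufsize)
        try:
            sock.recvfrom_into(buf, nbytes)
        except ValueError:
            # Length check fired before the receive call: fix present.
            return True
        except (socket.error, OSError):
            # The call went through to the receive and failed only
            # because no data was pending: no length check happened.
            return False
        return False
    finally:
        sock.close()


if __name__ == "__main__":
    if recvfrom_into_rejects_oversize():
        print("recvfrom_into() length check present")
    else:
        print("recvfrom_into() accepts nbytes > len(buffer): unpatched")
```

The function works on both Python 2.7 and Python 3, so the same script can be dropped into an image test for the `python_2.7.3.bb` build.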