]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 0956df1) | patch
python: Fix CVE-2014-7185
authorWenzong Fan <wenzong.fan@windriver.com>
Wed, 26 Nov 2014 16:22:12 +0000 (08:22 -0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 26 Nov 2014 17:01:43 +0000 (17:01 +0000)
commit3dd696e03e66fa98b58a17b7f34ffe4002ddc9c6
treea6e788ab381c6524f232605f8a981a083732f974tree | snapshot
parent0956df1596f899337afb3551db01a59bf1c38856commit | diff
python: Fix CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.

This back-ported patch fixes CVE-2014-7185

(From OE-Core rev: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-devtools/python/python_2.7.3.bb

hand merged bb file since I did not take previous patch.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch [new file with mode: 0644] blob
meta/recipes-devtools/python/python_2.7.3.bb diff | blob | history
Mirror of the official openembedded-core repository