mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-07 09:16:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

python: Fix CVE-2014-7185

Browse Source 
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.

This back-ported patch fixes CVE-2014-7185

(From OE-Core rev: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Wenzong Fan
2014-11-12 03:25:48 -05:00
committed by Richard Purdie
parent 587b28b551
commit 07a31ed4d1
2 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta/recipes-devtools/python/python_2.7.3.bb
View File

@@ -39,6 +39,7 @@ SRC_URI += "\
file://json-flaw-fix.patch \
file://posix_close.patch \
file://remove-BOM-insection-code.patch \
file://python-2.7.3-CVE-2014-7185.patch \
"
S = "${WORKDIR}/Python-${PV}"