review.tizen.org Git - scm/bb/tizen-distro.git/commit

author	Wenzong Fan <wenzong.fan@windriver.com>
	Wed, 26 Nov 2014 16:22:12 +0000 (08:22 -0800)
committer	Patrick Ohly <patrick.ohly@intel.com>
	Fri, 9 Jan 2015 17:18:44 +0000 (09:18 -0800)
commit	f4c835f3b0729882190d43dba6ee8cd86da463a8
tree	6e540129bcfb02e4c1ce4ea51cb8fdbb5fc672bf	tree \| snapshot
parent	4f40c01907264be6aebb4039325d78c940e951fb	commit \| diff

python: Fix CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.

This back-ported patch fixes CVE-2014-7185

(From OE-Core rev: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9)

(From OE-Core rev: 3dd696e03e66fa98b58a17b7f34ffe4002ddc9c6)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-devtools/python/python_2.7.3.bb

hand merged bb file since I did not take previous patch.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/python/python_2.7.3.bb		diff \| blob \| history