Date: Wed, 25 Apr 2012 09:56:06 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated On Wed, Apr 25, 2012 at 12:37:53AM -0600, Kurt Seifried wrote: > On 04/25/2012 12:35 AM, Kurt Seifried wrote: > > Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler > > aligned_end is not updated > > > > does not appear to affect Python 2.x > > > > memory leak/crashes/etc. > > > > http://bugs.python.org/issue14579 > > > > Author: Serhiy Storchaka (storchaka) Date: 2012-04-14 18:46 > > > > In the utf-16 decoder after calling > > unicode_decode_call_errorhandler aligned_end is not updated. This > > may potentially cause data leaks, memory damage, and crash. The bug > > introduced by implementation of the issue #4868. In a similar > > situation in the utf-8 decoder aligned_end is updated. > > > > ======== > > > > More discussion and links to the patches/etc. in the bug. > > > > Please use CVE-2012-2135 for this issue. Reported to Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.