Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#39040 - [python2] Backport upstream patch for CVE-2014-1912
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Tuesday, 25 February 2014, 13:32 GMT
Last edited by Felix Yan (felixonmars) - Wednesday, 26 February 2014, 14:52 GMT
Details
Hello,
Python 2.7.6 is vulnerable to remote code execution caused by a buffer overflow in socket.recvfrom_into() (CVE-2014-1912):
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
http://bugs.python.org/issue20246
The relevant patch has already been committed upstream:
http://hg.python.org/cpython/rev/87673659d8f7
I think it may be wise to rebuild our python2 package with the appropriate fix until 2.7.7 is released.
Thank you,
Closed by Felix Yan (felixonmars)
Wednesday, 26 February 2014, 14:52 GMT
Reason for closing: Implemented
Additional comments about closing: 2.7.6-3
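One way to confirm that a rebuilt interpreter carries the fix, as an added example that is not part of the original report or the upstream patch: a patched socket.recvfrom_into() raises ValueError when nbytes exceeds the buffer length, before any data is read. The names `recvfrom_into_is_bounds_checked` and `bounded_recvfrom_into` are hypothetical, and the wrapper assumes a bytearray buffer.

```python
import socket


def recvfrom_into_is_bounds_checked():
    """Return True if this interpreter rejects nbytes > len(buffer).

    The socket is unbound and non-blocking, so nothing is ever received:
    a fixed build raises ValueError up front, while a build without the
    check falls through to the receive call and fails with socket.error.
    """
    buf = bytearray(16)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.setblocking(False)
        try:
            sock.recvfrom_into(buf, len(buf) * 2)
        except ValueError:
            return True   # length check present
        except socket.error:
            return False  # reached the receive call: check missing
        return False
    finally:
        sock.close()


def bounded_recvfrom_into(sock, buf, nbytes=0):
    """Caller-side guard (hypothetical helper) that enforces the same
    bound regardless of the interpreter build. Assumes buf is a bytearray,
    so len(buf) is its size in bytes."""
    size = len(buf)
    if nbytes < 0:
        raise ValueError("negative buffersize in recvfrom_into")
    if nbytes > size:
        raise ValueError("nbytes is greater than the length of the buffer")
    # nbytes == 0 means "fill up to the buffer length", as in the stdlib call.
    return sock.recvfrom_into(buf, nbytes or size)


if __name__ == "__main__":
    print("recvfrom_into bounds check present: %s"
          % recvfrom_into_is_bounds_checked())
```

Running the file with the installed python2 binary after the package rebuild reports whether the length check is present.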