[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
ncoghlan at gmail.com
Tue Feb 25 08:53:49 CET 2014
On 25 February 2014 17:39, Christian Heimes <christian at python.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> this looks pretty serious -- and it caught me off guard, too. :(
> Next time please inform the Python Security Response Team about any
> and all issues that are related to buffer overflows or similar bugs.
> In fact please drop a note about anything that even remotely look like
> an exploitable issue. Even public bug reports should be forwarded to PSRT.
> I have requested a CVE number. How about security releases? The
> upcoming 3.3 and 3.4 release should contain the fix (not verified
I've checked these, and noted the relevant hg.python.org links on the
tracker issue at http://bugs.python.org/issue20246
> Python 2.7 to 3.2 will need a security release, though.
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev