[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
Benjamin Peterson
benjamin at python.org
Tue Feb 25 15:41:17 CET 2014
On Mon, Feb 24, 2014, at 11:39 PM, Christian Heimes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> this looks pretty serious -- and it caught me off guard, too. :(
>
> https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
>
> Next time please inform the Python Security Response Team about any
> and all issues that are related to buffer overflows or similar bugs.
> In fact please drop a note about anything that even remotely look like
> an exploitable issue. Even public bug reports should be forwarded to
> PSRT.
I'm not sure why you think it wasn't sent to security@
https://mail.python.org/mailman/private/psrt/2014-January/001297.html
More information about the Python-Dev
mailing list