python: Fix CVE-2014-1912

A remote user can send specially crafted data to trigger a buffer overflow in socket.recvfrom_into() and execute arbitrary code on the target system. The code will run with the privileges of the target service. This back-ported patch fixes CVE-2014-1912 Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Maxin B. John <maxin.john@enea.com> 2014-04-07 17:48:11 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-04-08 17:51:04 +0100
commit: 344049ccfa59ae489c35fe0fb7592f7d34720b51 (patch)
tree: dba8a2f3a231bd7019f0ca5aa41637382af03eeb /meta/recipes-devtools/python/python_2.7.3.bb
parent: 9d142a7f523f89cd65bef2cd6ce75e4f4500711b (diff)
download: openembedded-core-344049ccfa59ae489c35fe0fb7592f7d34720b51.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index c7bb9b4131..0d641720f1 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -35,6 +35,7 @@ SRC_URI += "\
   file://parallel-makeinst-create-bindir.patch \
   file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \
   file://python-fix-build-error-with-Readline-6.3.patch \
+  file://python-2.7.3-CVE-2014-1912.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
author	Maxin B. John <maxin.john@enea.com>	2014-04-07 17:48:11 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-04-08 17:51:04 +0100
commit	344049ccfa59ae489c35fe0fb7592f7d34720b51 (patch)
tree	dba8a2f3a231bd7019f0ca5aa41637382af03eeb /meta/recipes-devtools/python/python_2.7.3.bb
parent	9d142a7f523f89cd65bef2cd6ce75e4f4500711b (diff)
download	openembedded-core-344049ccfa59ae489c35fe0fb7592f7d34720b51.tar.gz