python: Fix CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. This back-ported patch fixes CVE-2014-7185 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2014-11-12 03:25:48 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-11-20 14:06:28 +0000
commit: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9 (patch)
tree: 175feb70a4e577d9cd817b211b4733a42936a848 /meta/recipes-devtools/python/python_2.7.3.bb
parent: b93ef60acf8128cf44d4407fdb65a0ac016791d3 (diff)
download: openembedded-core-contrib-49ceed974e39ab8ac4be410e5caa5e1ef7a646d9.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index f2e6fde4d6..50c751e323 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -39,6 +39,7 @@ SRC_URI += "\
   file://json-flaw-fix.patch \
   file://posix_close.patch \
   file://remove-BOM-insection-code.patch \
+  file://python-2.7.3-CVE-2014-7185.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
author	Wenzong Fan <wenzong.fan@windriver.com>	2014-11-12 03:25:48 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-20 14:06:28 +0000
commit	49ceed974e39ab8ac4be410e5caa5e1ef7a646d9 (patch)
tree	175feb70a4e577d9cd817b211b4733a42936a848 /meta/recipes-devtools/python/python_2.7.3.bb
parent	b93ef60acf8128cf44d4407fdb65a0ac016791d3 (diff)
download	openembedded-core-contrib-49ceed974e39ab8ac4be410e5caa5e1ef7a646d9.tar.gz