diff options
| author | Wenzong Fan <wenzong.fan@windriver.com> | 2014-11-12 03:25:48 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-11-20 14:08:10 +0000 |
| commit | 07a31ed4d19edf7eec47cdf2a65b0dc53e2c713c (patch) | |
| tree | 99b5211a3de9fd73ec08da91cd269d8186ed0f70 /meta/recipes-devtools/python/python_2.7.3.bb | |
| parent | 587b28b551308c8b772d088788452f6ca7420909 (diff) | |
| download | poky-07a31ed4d19edf7eec47cdf2a65b0dc53e2c713c.tar.gz | |
python: Fix CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
This back-ported patch fixes CVE-2014-7185
(From OE-Core rev: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python/python_2.7.3.bb')
| -rw-r--r-- | meta/recipes-devtools/python/python_2.7.3.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb index f2e6fde4d6..50c751e323 100644 --- a/meta/recipes-devtools/python/python_2.7.3.bb +++ b/meta/recipes-devtools/python/python_2.7.3.bb | |||
| @@ -39,6 +39,7 @@ SRC_URI += "\ | |||
| 39 | file://json-flaw-fix.patch \ | 39 | file://json-flaw-fix.patch \ |
| 40 | file://posix_close.patch \ | 40 | file://posix_close.patch \ |
| 41 | file://remove-BOM-insection-code.patch \ | 41 | file://remove-BOM-insection-code.patch \ |
| 42 | file://python-2.7.3-CVE-2014-7185.patch \ | ||
| 42 | " | 43 | " |
| 43 | 44 | ||
| 44 | S = "${WORKDIR}/Python-${PV}" | 45 | S = "${WORKDIR}/Python-${PV}" |