| non port: lang/python27/files/patch-CVE-2014-1912 |
|
SVNWeb
|
Number of commits found: 2 |
|
Mon, 14 Jul 2014
|
[ 07:20 koobs  ]   (Only the first 10 of 13 ports in this commit are shown above.  )
lang/python27: Update to 2.7.8
The FreeBSD Python team welcomes Python 2.7.8 to the Ports tree!
Announcement: https://www.python.org/download/releases/2.7.8/
Changelog: http://hg.python.org/cpython/raw-file/v2.7.8/Misc/NEWS
- Update to 2.7.8, update pkg-plist
- OPTIONS: Reorder and sort alphabetically
- OPTIONS: Make POSIX SEM(aphores) a DEFAULT (Hi binary package users!)
- OPTIONS: Add better descriptions for UCS2 and UCS4
- OPTIONS: Use options helpers
- Remove patch-CVE-2014-1912: upstream, was backported
- Remove patch-issue20374: upstream, was backported
- Rename patch-Doc__library__fcntl.rst: underscore convention (Only the first 15 lines of the commit message are shown above )
|
|
Sat, 1 Mar 2014
|
[ 10:52 koobs ]
lang/python*: Backport security fix for CVE-2014-1912
A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.
This could be used to crash a Python application that uses the
socket.recvfrom_info() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw. This is
fixed in upstream branches for version 2.7, 3.1, 3.2 and 3.3.
[1] http://bugs.python.org/issue20246
MFH: 2014Q1
Security: 8e5e6d42-a0fa-11e3-b09a-080027f2d077
|
Number of commits found: 2 |
As an Amazon Associate I earn from qualifying purchases.