| non port: lang/python33/files/patch-CVE-2014-1912 |
|
SVNWeb
|
Number of commits found: 2 |
|
Tue, 4 Mar 2014
|
[ 12:38 koobs  ]  
lang/python33: Update to 3.3.4
- Update to 3.3.4
- Update pkg-plist
- Remove patch-CVE-2014-1912 (upstream)
- Remove patch-issue20374 (upstream)
- Repatch and rename patch-Modules__fcntlmodule.c
- Add patch-issue-20695-Lib__test__test_urllibnet.py (tests) [1]
- Add regression-test target for QA
Changes: 3.3.4 - 09/02/2014
http://docs.python.org/3.3/whatsnew/changelog.html#python-3-3-4
Extra:
- Update python-doc-html distinfo for Python 3.3 docs
- Update bsd.python.mk to support the new version
[1] http://bugs.python.org/issue20695
|
|
Sat, 1 Mar 2014
|
[ 10:52 koobs ]
lang/python*: Backport security fix for CVE-2014-1912
A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.
This could be used to crash a Python application that uses the
socket.recvfrom_info() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw. This is
fixed in upstream branches for version 2.7, 3.1, 3.2 and 3.3.
[1] http://bugs.python.org/issue20246
MFH: 2014Q1
Security: 8e5e6d42-a0fa-11e3-b09a-080027f2d077
|
Number of commits found: 2 |
As an Amazon Associate I earn from qualifying purchases.