[v2.5] python: overflow with large buffer sizes and/or offsets (CVE-2014-7185)
Python 2.7.8 fixes a potential wraparound in buffer() with possible CWE-200 implications.
Note: Though the request is for Python 2.7, vulnerable code appears to exist in EOL’d versions 1.6.1 through 2.6.9 as well.
References:
http://seclists.org/oss-sec/2014/q3/638
http://bugs.python.org/issue21831
(from redmine: issue id 3462, created on 2014-10-17, closed on 2014-10-23)
- Relations:
- parent #3461 (closed)
- Changesets:
- Revision 66f1812a by Natanael Copa on 2014-10-22T14:45:52Z:
main/python: security upgrade to 2.7.8 (CVE-2014-7185)
fixes #3462