[v2.6] python: overflow with large buffer sizes and/or offsets (CVE-2014-7185)
Python 2.7.8 fixes a potential wraparound in buffer() with possible CWE-200 implications.
Note: Though the request is for Python 2.7, vulnerable code appears to exist in EOL’d versions 1.6.1 through 2.6.9 as well.
References:
http://seclists.org/oss-sec/2014/q3/638
http://bugs.python.org/issue21831
(from redmine: issue id 3463, created on 2014-10-17, closed on 2014-10-23)
- Relations:
  - parent #3461 (closed)
- Changesets:
  - Revision ccedb506 by Natanael Copa on 2014-10-22T14:36:09Z:
    main/python: security upgrade to 2.7.8 (CVE-2014-7185)
    fixes #3463