[3.6] python: PyString_DecodeEscape integer overflow (CVE-2017-1000158)
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
(from redmine: issue id 8541, created on 2018-02-22, closed on 2018-02-23)
- Relations:
- parent #8540 (closed)
- Changesets:
- Revision 4be3cb72 by Natanael Copa on 2018-02-22T21:58:37Z:
main/python2: security upgrade to 2.7.14 (CVE-2017-1000158)
fixes #8541