[3.5] python: PyString_DecodeEscape integer overflow (CVE-2017-1000158)
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
(from redmine: issue id 8542, created on 2018-02-22, closed on 2018-02-23)
- Relations:
- parent #8540 (closed)
- Changesets:
- Revision ad08747e by Natanael Copa on 2018-02-22T21:59:15Z:
main/python2: security upgrade to 2.7.14 (CVE-2017-1000158)
fixes #8542