[3.4] python: PyString_DecodeEscape integer overflow (CVE-2017-1000158)
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
(from redmine: issue id 8543, created on 2018-02-22, closed on 2018-02-23)
- Relations:
- parent #8540 (closed)
- Changesets:
- Revision b4f077dc by Natanael Copa on 2018-02-22T22:06:37Z:
main/python2: security upgrade to 2.7.14 (CVE-2017-1000158)
fixes #8543