This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
| Author | gregory.p.smith |
|---|---|
| Recipients | Arfrever, Jim.Jewett, amaury.forgeotdarc, barry, benjamin.peterson, dmalcolm, georg.brandl, gregory.p.smith, pitrou, python-dev |
| Date | 2012年07月14日.21:39:33 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1342301974.37.0.460593575348.issue14340@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
Reasons why it is a good idea to apply this change to 2.7.4 and 3.2.4: * Memory leak in poolGrow (CVE-2012-1148) * Resource leak in readfilemap.c (CVE-2012-1147) * Buffer over-read and crash in big2_toUtf8 (CVE-2009-3560) * Parser crash with special UTF-8 sequences (CVE-2009-3270) * Dangling positionPtr after error (2855609) - http://sourceforge.net/tracker/?func=detail&aid=2855609&group_id=10127&atid=110127 - Specifically reported by a pyexpat user. * Unitialized memory returned from XML_Parse (3206497) - http://sourceforge.net/tracker/?func=detail&aid=3206497&group_id=10127&atid=110127 The features 2.1.0 adds over 2.0.x are not exposed to pyexpat or Python users. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2012年07月14日 21:39:34 | gregory.p.smith | set | recipients: + gregory.p.smith, barry, georg.brandl, amaury.forgeotdarc, pitrou, benjamin.peterson, Arfrever, dmalcolm, python-dev, Jim.Jewett |
| 2012年07月14日 21:39:34 | gregory.p.smith | set | messageid: <1342301974.37.0.460593575348.issue14340@psf.upfronthosting.co.za> |
| 2012年07月14日 21:39:33 | gregory.p.smith | link | issue14340 messages |
| 2012年07月14日 21:39:33 | gregory.p.smith | create | |