[issue26171] heap overflow in zipimporter module
Vlad K. added the comment:

I believe this should be applied to Python 3.3 as well, since the same problem (unchecked data_size before adding +1 for bytes_size) exists there too, and is thus a security issue.

--
nosy: +vladk

Python tracker <http://bugs.python.org/issue26171>

Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26171] heap overflow in zipimporter module
Vlad K. added the comment:

Here's the patch that I made for FreeBSD's Python 3.3 port. With this patch, on FreeBSD, Python 3.3 built fine and passed the zipimport-related unit tests. It's basically the same code from 3.4, 3.5 and 2.7, just placed at the appropriate place in the source.

--
versions: -Python 3.3
Added file: http://bugs.python.org/file43427/patch-Modules_zipimport-CVE-2016-5636.c

Python tracker <http://bugs.python.org/issue26171>

[issue26171] heap overflow in zipimporter module
Vlad K. added the comment:

Any updates on this? We've committed the patch for Python 3.3 as well in FreeBSD.

https://svnweb.freebsd.org/ports?view=revision&revision=417019

--

Python tracker <http://bugs.python.org/issue26171>

[issue22928] HTTP header injection in urllib2/urllib/httplib/http.client
Vlad K. added the comment:

Doesn't this affect Python 3.3 as well, which is in security-only mode? Shouldn't that version be patched as well?

--
nosy: +vladk

Python tracker <http://bugs.python.org/issue22928>