CVE-2012-2135
Published: 14 August 2012
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
Notes
Author | Note |
---|---|
jdstrand | python3 only patch in upstream bug is in Debian, but not committed upstream |
mdeslaur | 3.3 wasn't affected. Only tests were committed. |
Priority
Status
Package | Release | Status |
---|---|---|
python3.2 (Launchpad, Ubuntu, Debian) | upstream | Released (3.2.3-4) |
python3.2 | hardy | Does not exist |
python3.2 | lucid | Does not exist |
python3.2 | natty | Released (3.2-1ubuntu1.2) |
python3.2 | oneiric | Released (3.2.2-0ubuntu1.1) |
python3.2 | precise | Released (3.2.3-0ubuntu3.2) |
python3.2 | quantal | Not vulnerable (3.2.3-6ubuntu3) |
python3.2 | raring | Does not exist |
python3.2 | Patches | upstream: http://hg.python.org/cpython/rev/034ff986019d |
python3.3 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
python3.3 | hardy | Does not exist |
python3.3 | lucid | Does not exist |
python3.3 | natty | Does not exist |
python3.3 | oneiric | Does not exist |
python3.3 | precise | Does not exist |
python3.3 | quantal | Not vulnerable |
python3.3 | raring | Not vulnerable |
python3.3 | Patches | upstream: http://hg.python.org/cpython/rev/034ff986019d |
python3.1 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
python3.1 | hardy | Does not exist |
python3.1 | lucid | Released (3.1.2-0ubuntu3.2) |
python3.1 | natty | Released (3.1.3-1ubuntu1.2) |
python3.1 | oneiric | Does not exist |
python3.1 | precise | Does not exist |
python3.1 | quantal | Does not exist |
python3.1 | raring | Does not exist |
python3.1 | Patches | upstream: http://hg.python.org/cpython/rev/034ff986019d |