Overview

File _patchinfo of Package patchinfo.6853

<patchinfo incident="6853">
  <issue id="1068664" tracker="bnc">VUL-0: CVE-2017-1000158: python,python27: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (and possible arbitrary code e</issue>
  <issue id="1079300" tracker="bnc">VUL-0: CVE-2018-1000030: python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c</issue>
  <issue id="2017-1000158" tracker="cve" />
  <issue id="2018-1000030" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>psimons</packager>
  <description>This update for python fixes the following issues:

Security issues fixed:

- CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in
  heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664).
- CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same
  I/O stream concurrently (bsc#1079300).
</description>
  <summary>Security update for python</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places