Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/25/2012 12:35 AM, Kurt Seifried wrote:
> Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler 
> aligned_end is not updated
>
> does not appear to affect Python 2.x
>
> memory leak/crashes/etc.
>
> http://bugs.python.org/issue14579
>
> Author: Serhiy Storchaka (storchaka)  Date: 2012-04-14 18:46
>
> In the utf-16 decoder after calling
> unicode_decode_call_errorhandler aligned_end is not updated. This
> may potentially cause data leaks, memory damage, and crash. The bug
> introduced by implementation of the issue #4868. In a similar
> situation in the utf-8 decoder aligned_end is updated.
>
> ========
>
> More discussion and links to the patches/etc. in the bug.

Please use CVE-2012-2135 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPl5vBAAoJEBYNRVNeJnmTc5wQANv/7hfBeBKnEdSktxtBVqIB
6YvNbWHzc4mAE8YmhghOaDEGhJ/0z8QpkypBglQAgPEUhOV06fhnHuLylCpGGQXC
LfY4zY7LzZKvavlDlTJC++v4OIi3+gSqgGCXFR1f89uZiitFvt7KqnR7zf4kT1ID
IbgZSSeQt9MxD6Pa3JEQYG3zdsyGW3YbF4dDWYjFTk7BQl/NcWxxr1jgLPHvJgUE
C6EnCO2IWrGjhmqF0Po/7kBPMPYUALlFfDHsr16lMvtStBnXLT9Eyz0pdZzlkH04
8eOuaxmLR2OxGoK3ViCM16ib89IvjzJv/F3xZ3cpwBJmoKstgl6TR3pPE81bhoUv
gZpwPa77QehivYDDiLc6Zek2aIWc1QNRv47x59DUJIchDomcHipSvUWTOB+8f913
qhbXuqKCeG1js5YBAE/zNnq3W2ub4op68tT1ZlVO/wcUdPhJvCbULBve/5wUGN+v
0g6rzUK+jSzaqK26shOvFIZZSgN7tDcrPJ1mKuqocQ/8+zAGJEw5Tlp+kJ6CGdjt
02lWmo9svNvTusYnNaMMbmcHcQx5kfKH/Ic4LkJ6C7tXr7/8DBoQ2yMOTc3etS+s
hwiUAOXLBfbyLw/OQzG57s8brkapo5PYpAbRpKlaMCKHgunMKjPpQa1RYHBx4uoX
VPDXf6hbjLBKrsNYM71g
=xCOX
-----END PGP SIGNATURE-----