This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author barry
Recipients BreamoreBoy, Trundle, amaury.forgeotdarc, barry, brett.cannon, doko, flox, l0nwlf, ncoghlan, orsenthil, pitrou, r.david.murray, vstinner
Date 2011-09-23.16:29:41
SpamBayes Score 1.1482471e-05
Marked as misclassified No
Message-id <1316795382.92.0.761173081892.issue7732@psf.upfronthosting.co.za>
In-reply-to
Content
Note that Python 2.6 is also vulnerable to the crash.  While we do not have an exploit, we did get a report on security@ which led to this bug.  I could be convinced to allow the patch to 2.6 on grounds that if the crasher can be exploited, better to apply it now rather than wait.  Certainly if it's easier to apply 2.6 and forward port, I'm fine with that.

Victor's pyfile_fromfile_close.patch looks good to me and fixes the problem with no discernible ill effects.  On IRC, he said he'll apply it to 2.7, 3.2, and 3.3.  I will approve it for 2.6 if he wants to apply it there too.
History
Date User Action Args
2011-09-23 16:29:43barrysetrecipients: + barry, brett.cannon, doko, amaury.forgeotdarc, ncoghlan, orsenthil, pitrou, vstinner, r.david.murray, Trundle, flox, l0nwlf, BreamoreBoy
2011-09-23 16:29:42barrysetmessageid: <1316795382.92.0.761173081892.issue7732@psf.upfronthosting.co.za>
2011-09-23 16:29:42barrylinkissue7732 messages
2011-09-23 16:29:41barrycreate