[issue14471] Buffer overrun in winreg.c

2012-04-02 Thread Kristján Valur Jónsson
Changes by Kristján Valur Jónsson : -- resolution: -> fixed status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailin

[issue14471] Buffer overrun in winreg.c

2012-04-02 Thread Roundup Robot
Roundup Robot added the comment: New changeset b3639f6aaa2b by Kristján Valur Jónsson in branch '3.2': Issue #14471: Fix a possible buffer overrun in the winreg module. http://hg.python.org/cpython/rev/b3639f6aaa2b New changeset 80d814d7b886 by Kristján Valur Jónsson in branch 'default': Merge

[issue14471] Buffer overrun in winreg.c

2012-04-02 Thread Kristján Valur Jónsson
Kristján Valur Jónsson added the comment: Thanks for the your info/insight, Martin. I'll update 3.2 and 3.3. as you suggest then. -- ___ Python tracker ___ __

[issue14471] Buffer overrun in winreg.c

2012-04-02 Thread Martin v . Löwis
Martin v. Löwis added the comment: > Martin, what constitutes a security fix for Python? For example, > isn't it conceivable that one could place a long key into some > registry setting used by python and thus interfere with its stack? If it has a CVE identifier, it's a security fix. Other

[issue14471] Buffer overrun in winreg.c

2012-04-02 Thread Kristján Valur Jónsson
Kristján Valur Jónsson added the comment: Thanks. Martin, what constitutes a security fix for Python? For example, isn't it conceivable that one could place a long key into some registry setting used by python and thus interfere with its stack? Aren't stack buffer overruns a classic securit

[issue14471] Buffer overrun in winreg.c

2012-04-02 Thread Amaury Forgeot d'Arc
Amaury Forgeot d'Arc added the comment: In 2.7, the file is named _winreg.c. But the patch does not apply there, because it's using the ANSI (=bytes) API. -- nosy: +amaury.forgeotdarc ___ Python tracker

[issue14471] Buffer overrun in winreg.c

2012-04-01 Thread Martin v . Löwis
Changes by Martin v. Löwis : -- versions: -Python 3.1 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://m

[issue14471] Buffer overrun in winreg.c

2012-04-01 Thread Martin v . Löwis
Martin v. Löwis added the comment: The patch looks fine. As it's not a security fix, it should go into 3.2 and default. -- ___ Python tracker ___ __

[issue14471] Buffer overrun in winreg.c

2012-04-01 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +loewis ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python

[issue14471] Buffer overrun in winreg.c

2012-04-01 Thread Kristján Valur Jónsson
Changes by Kristján Valur Jónsson : -- title: Buffer oferrun in winreg.c -> Buffer overrun in winreg.c ___ Python tracker ___ ___ Pyth