There is a buffer overflow in socket.recvfrom_into that permits arbitrary remote code execution. There is also a known exploit published for this issue. Given how trivial it is to exploit this from the network, as a completely unauthenticated party, the flaw is fairly critical.

Affected versions are reported as: Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1.

So that's everything currently in the tree. Could we have the appropriate package bumps pushed ASAP?

Upstream bug report:
http://bugs.python.org/issue20246

Relevant CVE links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912
http://www.cvedetails.com/cve/CVE-2014-1912/

Thanks in advance.

Reproducible: Always
*** This bug has been marked as a duplicate of bug 500518 ***
Apologies, I somehow missed that bug when I did a search for existing bugs.