There is a buffer overflow in socket.recvfrom_into that permits arbitrary remote code execution. There is also a known exploit published for this issue.
Given how trivial it is to exploit this from the network, as a completely unauthenticated party, the flaw is fairly critical.
Affected versions are reported as:
Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1
So that's everything currently in the tree.
Could we have the appropriate package bumps pushed ASAP?
Upstream bug report:
Relevant CVE links:
Thanks in advance.
*** This bug has been marked as a duplicate of bug 500518 ***
Apologies, I somehow missed that bug when I did a search for existing bugs.