gettext.c2py()¶

Arbitrary code execution in gettext.c2py().

Dates:

Disclosure date: 2016-10-30 (Python issue bpo-28563 reported)

Fixed In¶

Python 2.7.13 (2016-12-17) fixed by commit a876027 (branch 2.7) (2016-11-08)
Python 3.3.7 (2017-09-19) fixed by commit 07bcf05 (branch 3.3) (2016-11-08)
Python 3.4.6 (2017-01-16) fixed by commit 07bcf05 (branch 3.3) (2016-11-08)
Python 3.5.3 (2017-01-16) fixed by commit 07bcf05 (branch 3.3) (2016-11-08)
Python 3.6.0 (2016-12-22) fixed by commit 07bcf05 (branch 3.3) (2016-11-08)

Python issue¶

Arbitrary code execution in gettext.c2py.

Python issue: bpo-28563
Creation date: 2016-10-30
Reporter: Carl Ekerot

Timeline¶

Timeline using the disclosure date 2016-10-30 as reference:

2016-10-30: Python issue bpo-28563 reported by Carl Ekerot
2016-11-08 (+9 days): commit 07bcf05 (branch 3.3)
2016-11-08 (+9 days): commit a876027 (branch 2.7)
2016-12-17 (+48 days): Python 2.7.13 released
2016-12-22: Python 3.6.0 released
2017-01-16 (+78 days): Python 3.4.6 released
2017-01-16 (+78 days): Python 3.5.3 released
2017-09-19 (+324 days): Python 3.3.7 released

Links¶

https://www.xil.se/post/is-eval-safe-yet-rspkt/

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.