[Python-Dev] 2.5.2 release coming up
"Martin v. Löwis"
martin at v.loewis.de
Thu Jan 24 05:40:32 CET 2008
>> Is threre any chance to fix this bug before releasing 2.5.2?
>> http://bugs.python.org/issue1736
>> It contains potential buffer overrun, I think this is somewhat important.
>> If multibyte support (CharNext) is not needed, I 'll rewrite the patch
>> gracefully.
>
> I'll leave that to MvL to decide; given that AFAIK msilib is only used
> to build the Python installer I'm not sure it's worth defending
> against malicious code -- it would be easier to simply remove it from
> an installation if you have reason to believe you might be executing
> malicious Python code.
>
I'll look into it. msilib is used in distutils (for bdist_msi), so it
should get fixed.
Regards,
Martin
More information about the Python-Dev
mailing list