[Python-Dev] Python 2.5.3: call for patches
doko at ubuntu.com
Wed Nov 12 08:31:03 CET 2008
Martin v. Löwis wrote:
>> I would like to apply fixes for some CVEs which are addressed in 2.5 but not
>> yet in 2.4. this would include
> Can you identify the revisions that would need backporting?
> I could only find (trunk revisions)
> CVE-2007-4965: r65880
> CVE-2008-1721: r62235, issue2586
> CVE-2008-3144: issue2588, issue2589, r63734, r63728.
> CVE-2008-1887: issue2587, r62261, r62271
> CVE-2008-4864: r66689
> So what about
> CVE-2008-1679: claimed to be issue1179 in the CVE, but
> that says it fixes CVE-2007-4965 only?
the original fix for CVE-2007-4965 did miss two chunks, which are included in
r65878 on the 2.5 branch.
this is r65334 on the 2.5 branch and r65335 on the trunk:
Security patches from Apple: prevent int overflow when allocating memory
this was already checked in, with an added NEWS item in 2.4.5. Moved this
> In principle, this is fine with me, so go ahead.