[Python-Dev] Security Advisory for unicode repr() bug?
skip at pobox.com
Sat Oct 7 14:16:37 CEST 2006
Georg> [ Bug http://python.org/sf/1541585 ]
Georg> This seems to be handled like a security issue by linux
Georg> distributors, it's also a news item on security related pages.
Georg> Should a security advisory be written and official patches be
Georg> provided?

I asked about this a few weeks ago. I got no direct response. Secunia sent
mail to webmaster and the SF project admins asking about how this could be
exploited. (Isn't figuring that stuff out their job?)

This was corrected before 2.5 was released and the 2.4 source has (I think)
already been patched, with 2.4.4 right around the corner. The bulk of the
Python installations in the field are probably running on Windows (most of
them provided by HP/Compaq), and it seems the Linux vendors are all over it.
I don't know if Apple has picked up on it (or if the version they currently
distribute is affected - 2.3.5 built Oct 5 2005). Would you provide a patch
of some sort for Windows or just refer people to corrected installers?
Given the apparently miserable results trying to get Windows users to
install security fixes manually, I doubt a new 2.4.3 Windows installer would
get much exercise.

Skip