[Python-Dev] Security Advisory for unicode repr() bug?

skip at pobox.com skip at pobox.com
Sat Oct 7 14:16:37 CEST 2006

    Georg> [ Bug http://python.org/sf/1541585 ]

    Georg> This seems to be handled like a security issue by Linux
    Georg> distributors, it's also a news item on security-related pages.

    Georg> Should a security advisory be written and official patches be
    Georg> provided?

I asked about this a few weeks ago.  I got no direct response.  Secunia sent
mail to webmaster and the SF project admins asking about how this could be
exploited.  (Isn't figuring that stuff out their job?)

This was corrected before 2.5 was released and the 2.4 source has (I think)
already been patched, with 2.4.4 right around the corner.  The bulk of the
Python installations in the field are probably running on Windows (most of
them provided by HP/Compaq), and it seems the Linux vendors are all over it.
I don't know if Apple has picked up on it (or if the version they currently
distribute is affected - 2.3.5 built Oct 5 2005).  Would you provide a patch
of some sort for Windows or just refer people to corrected installers?
Given the apparently miserable results trying to get Windows users to
install security fixes manually, I doubt a new 2.4.3 Windows installer would
get much exercise.


