[Python-Dev] 2.5.2 release coming up
Guido van Rossum
guido at python.org
Thu Jan 24 05:09:39 CET 2008
On Jan 23, 2008 7:28 PM, ocean <ocean at m2.ccsnet.ne.jp> wrote:
> Is threre any chance to fix this bug before releasing 2.5.2?
> http://bugs.python.org/issue1736
> It contains potential buffer overrun, I think this is somewhat important.
> If multibyte support (CharNext) is not needed, I 'll rewrite the patch
> gracefully.
I'll leave that to MvL to decide; given that AFAIK msilib is only used
to build the Python installer I'm not sure it's worth defending
against malicious code -- it would be easier to simply remove it from
an installation if you have reason to believe you might be executing
malicious Python code.
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev
mailing list