[Python-Dev] CVE tracking
Mart Somermaa
mrts at mrts.pri.ee
Thu Nov 20 10:37:31 CET 2008
Hello!
Does someone systematically track the CVE vulnerability list?
Ideally, Python security officers would have close collaboration with
whoever manages CVE (like distribution security officers do), so that
* every CVE issue would have a corresponding ticket on Python bug tracker
(perhaps the process can be automated to some degree?)
* that ticket would be referred to in CVE vulnerability page "References"
section (see e.g.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 ,
that does not have a corresponding Python bug tracker link)
* all CVE issues would be listed in
http://www.python.org/news/security/ with
corresponding information about when the fix has been or will be committed
and which upcoming or past release incorporates it.
Some relevant links:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python
http://secunia.com/advisories/product/14172/?task=advisories