[Python-Dev] CVE tracking
mrts at mrts.pri.ee
Thu Nov 20 10:37:31 CET 2008
Does someone systematically track the CVE vulnerability list?
Ideally, Python security officers would have close collaboration with
manages CVE (like distribution security officers do), so that
* every CVE issue would have a corresponding ticket on Python bug tracker
(perhaps the process can be automated to some degree?)
* that ticket would be referred to in CVE vulnerability page "References"
section (see e.g.
that does not have a corresponding Python bug tracker link)
* all CVE issues would be listed in
corresponding information about when the fix has been or will be commited
and which upcoming or past release incorporates it.
Some relevant links:
More information about the Python-Dev