[Python-Dev] CVE tracking

Mart Somermaa mrts at mrts.pri.ee
Thu Nov 20 10:37:31 CET 2008


Does someone systematically track the CVE vulnerability list?

Ideally, Python security officers would have close collaboration with 
manages CVE (like distribution security officers do), so that

 * every CVE issue would have a corresponding ticket on Python bug tracker
   (perhaps the process can be automated to some degree?)

 * that ticket would be referred to in CVE vulnerability page "References"
   section (see e.g.
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 ,
   that does not have a corresponding Python bug tracker link)

 * all CVE issues would be listed in http://www.python.org/news/security/
   with corresponding information about when the fix has been or will be
   committed and which upcoming or past release incorporates it.

Some relevant links:
