[Python-Dev] CVE tracking

Brett Cannon brett at python.org
Mon Nov 24 20:28:12 CET 2008


On Mon, Nov 24, 2008 at 10:43, Mart Somermaa <mrts at mrts.pri.ee> wrote:
>> When I looked through that list a week or so ago, I noticed that some
>> issues were obviously related to the Python distribution itself, but others
>> appeared to be Python application problems.
>
> I looked through the list now and weeded out irrelevant CVEs (by putting
> them into the ignore list in the script).
> Also, now the output has descriptions of the CVEs as well, so it's more
> readable.
>
> Improved output: http://dpaste.com/hold/93386/
> Improved script (with a proper IGNORED_LIST): http://dpaste.com/hold/93388/
>
> The results are much better:
> 5 OK's, 8 WARNings, 7 ERRORs.
>
> Most of the errors are from 2007 or before, the only error from 2008 is an
> obscure Tools/faqwiz/move-faqwiz.sh-related one.
>

Thanks for doing this, Mart! But I know that at least for me I won't
be able to look at the list until some time after 3.0 is released. And
I suspect I am not the only member of the PSRT that this will be true
for.

If anyone wants to toss this list up on the wiki and go through to
help figure out what is needed for each (and either update the CVE as
needed or file an issue on the bug tracker mentioning the CVE; bonus
if you fix it as well) that would be helpful.

-Brett

