[Python-Dev] blocking 2.7

Antoine Pitrou solipsis at pitrou.net
Sat Jul 3 12:43:16 CEST 2010


On Sat, 3 Jul 2010 11:17:16 +0100
Mark Dickinson <dickinsm at gmail.com> wrote:
> On Sat, Jul 3, 2010 at 4:28 AM, Benjamin Peterson <benjamin at python.org> wrote:
> > This is just a note that we have one bug blocking 2.7 final at the
> > moment: http://bugs.python.org/issue9144
> 
> I've just made http://bugs.python.org/issue7673 a release blocker too,
> I'm afraid.  It's a potential security vulnerability in the audioop
> module.  (CVE-2010-2089).  It's got a reviewed patch, and is ready to
> be committed, but if you're not comfortable with fixing it this late
> then that's completely understandable.

Interestingly, Victor filed both the issue and the initial patch five
months before the CVE alert. Well done Victor!





More information about the Python-Dev mailing list