[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Donald Stufft donald at stufft.io
Tue Feb 25 14:01:29 CET 2014


On Feb 25, 2014, at 7:59 AM, Maciej Fijalkowski <fijall at gmail.com> wrote:

> On Tue, Feb 25, 2014 at 11:13 AM, Victor Stinner
> <victor.stinner at gmail.com> wrote:
>> Hi,
>> 
>> 2014-02-25 8:53 GMT+01:00 Nick Coghlan <ncoghlan at gmail.com>:
>>> I've checked these, and noted the relevant hg.python.org links on the
>>> tracker issue at http://bugs.python.org/issue20246
>> 
>> Would it be possible to have a table with all known Python security
>> vulnerabilities and the Python versions which are fixed? Bonus point
>> if we provide a link to the changeset fixing it for each branch. Maybe
>> put this table on http://www.python.org/security/ ?
>> 
>> Last issues:
>> - hash DoS
> 
> is this fixed?
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

It is in 3.4.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140225/ba22eb1f/attachment.sig>


More information about the Python-Dev mailing list