[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Wes Turner wes.turner at gmail.com
Wed Feb 26 06:33:09 CET 2014

On 2/25/14, Victor Stinner <victor.stinner at gmail.com> wrote:
> Hi,
> 2014-02-25 8:53 GMT+01:00 Nick Coghlan <ncoghlan at gmail.com>:
>> I've checked these, and noted the relevant hg.python.org links on the
>> tracker issue at http://bugs.python.org/issue20246
> Would it be possible to have a table with all known Python security
> vulnerabilities and the Python versions which are fixed? Bonus point
> if we provide a link to the changeset fixing it for each branch. Maybe
> put this table on http://www.python.org/security/ ?

For http://www.python.org/security/ :

Here's a start at an issue tracker query for open and closed issues
with 'Type: Security':


Here's a list of filed CVEs with Python in the vendor field:


When referring to security issues, it may be helpful to reference the
CVE codes and tracker IDs.

> Last issues:
> - hash DoS
> - sock.recvfrom_into()
> - DoS with very long lines in HTTP, FTP, etc. protocols
> - etc.
> Victor

Wes Turner
