[Python-Dev] [python-committers] [RELEASED] Python 3.4.9 and Python 3.5.6 are now available
Victor Stinner
vstinner at redhat.com
Thu Aug 2 10:17:53 EDT 2018
Hi,
2018-08-02 16:00 GMT+02:00 Larry Hastings <larry at hastings.org>:
> On behalf of the Python development community, I'm happy to announce the
> availability of Python 3.4.9 and Python 3.5.6.
Great! FYI these versions fix two security vulnerabilities:
(*) CVE-2018-1000117: Buffer overflow vulnerability in os.symlink on Windows
http://python-security.readthedocs.io/vuln/cve-2018-1000117_buffer_overflow_vulnerability_in_os.symlink_on_windows.html
(*) CVE-2018-1060: difflib and poplib catastrophic backtracking
http://python-security.readthedocs.io/vuln/cve-2018-1060_difflib_and_poplib_catastrophic_backtracking.html
3.4.9 and 3.5.6 have no more known security vulnerabilities :-)
Victor
More information about the Python-Dev
mailing list