[Python-Dev] Proposed dates for Python 3.4.10 and Python 3.5.7
Miro Hrončok
mhroncok at redhat.com
Fri Feb 15 06:01:15 EST 2019
On 15. 02. 19 3:29, Larry Hastings wrote:
> If you have
> anything you think needs to go into the next 3.5, or the final 3.4, and it's
> /not/ listed above, please either file a GitHub PR, file a release-blocker bug
> on bpo, or email me directly.
I've checked Fedora CVE bugs against python 3.4 and 3.5. Here is one missing I
found:
CVE-2018-20406 https://bugs.python.org/issue34656
memory exhaustion in Modules/_pickle.c:1393
Marked as resolved, but I don't see it fixed on 3.5 or 3.4.
Should we get it fixed? openSUSE AFAK has backported the patch.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
More information about the Python-Dev
mailing list