[Python-Dev] Proposed dates for Python 3.4.10 and Python 3.5.7
vstinner at redhat.com
Fri Feb 15 06:28:45 EST 2019
Le ven. 15 févr. 2019 à 12:07, Miro Hrončok <mhroncok at redhat.com> a écrit :
> I've checked Fedora CVE bugs against python 3.4 and 3.5. Here is one missing I
> CVE-2018-20406 https://bugs.python.org/issue34656
> memory exhaustion in Modules/_pickle.c:1393
> Marked as resolved, but I don't see it fixed on 3.5 or 3.4.
> Should we get it fixed? openSUSE AFAK has backported the patch.
I'm working on fixes :-) I had a draft email but you was faster than
me to post yours.
Le ven. 15 févr. 2019 à 03:29, Larry Hastings <larry at hastings.org> a écrit :
> What's going in these releases? Not much. I have two outstanding PRs against 3.5:
> bpo-33127 GH-10994: Compatibility patch for LibreSSL 2.7.0
> bpo-34623 GH-9933: XML_SetHashSalt in _elementtree
According to my tool tracking security fixes, 3.5 lacks fixes for:
> and one PR against 3.4:
> bpo-34623 GH-9953: Use XML_SetHashSalt in _elementtree
and 3.4 lacks fixes for:
Matej Cepl backported the change to 3.4, but the patch should be
converted into a PR
Night gathers, and now my watch begins. It shall not end until my death.
More information about the Python-Dev