RHSA-2002:202-25
Skip Montanaro
skip at pobox.com
Wed Jan 29 12:15:18 EST 2003
>> This is in 2.2.1 and earlier. I believe the fix was applied to os.py
>> version 1.59 last August:
Yasushi> Python 1.5.2 and 2.1.3 also contains the fix?
I don't think so. Perhaps 1.5.2 doesn't have the vulnerability though. A
lot has changed in the os module since then. I don't have the source online
to check though. 2.1.3 has the bug though.
Yasushi> Many people are still using 1.5.2. and Zope users are using
Yasushi> 2.1.3.
1.5.2 is dead and gone. It's time to upgrade.
Attached is a context diff between os.py 1.58 and 1.59. You may be able to
manually apply it in concept to your 2.1.3 version of os.py.
Skip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: os-bug.diff
Type: application/octet-stream
Size: 2640 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20030129/6a5e134e/attachment.obj>
More information about the Python-list
mailing list