Python 2.5.3: call for patches

troelswh at gmail.com troelswh at gmail.com
Fri Oct 10 20:15:02 CEST 2008


On Oct 7, 9:27 am, "Martin v. Löwis" <mar... at v.loewis.de> wrote:
> In principle, the release will include all changes that are already on
> the release25-maint branch in subversion [1]. If you think that specific
> changes should be considered, please create an issue in the bug tracker
> [2], and label it with the 2.5.3 version. Backports of changes that
> are already released in Python 2.6 but may apply to 2.5 are of
> particular interest.

There is a number of Python 2.5.2 security vulnerabilities registered
with CVE. It would be great if the 2.5.3 release included fixes for
all of these!

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679

For some reason none of these have made it into Python security
advisories (http://www.python.org/news/security/), but many vendors
who ship Python have released patched versions already.

Regards,
Troels



More information about the Python-list mailing list