[Security-sig] HTML page of Python security vulnerabilities

Wes Turner wes.turner at gmail.com
Sat Feb 18 12:53:23 EST 2017


2008-Present
http://www.cvedetails.com/product/18230/Python-Python.html?vendor_id=10210

There's a download link, but AFAICT not an API

On Friday, February 17, 2017, Victor Stinner <victor.stinner at gmail.com>
wrote:

> Hi,
>
> I wrote a tool to generate an HTML report on Python security
> vulnerabilities. It takes the following YAML file as input:
> https://github.com/haypo/python-security/blob/master/vulnerabilities.yml
>
> And Python release dates, file written manually from Misc/NEWS:
> https://github.com/haypo/python-security/blob/master/python_releases.txt
>
> The output is the HTML page:
> http://python-security.readthedocs.io/en/latest/vulnerabilities.html
>
> For each vulnerability, you have a description and a list of links.
> From a list of commits, the tool computes the fixed Python and the
> number of days Python was vulnerable.
>
> Can you please check data of my two input files?
>
> What do you think of the page? Is it useful?
>
> TODO:
>
> * fix render_doc.py to support multiple lines in the table
> * add title to links
> * find the YAML syntax for "Issue #26657" :-) Currently, #xxx is ignored
> since it's seen as a comment
> * maybe document in the YAML file how the Disclosure date was chosen
>
> Maybe I should add a "vulnerable" column to list Python versions which
> are vulnerable.
>
> If you consider the data useful and the data are double checked, the
> next step will be to announce it.
>
> Later, I plan to slowly fill vulnerabilities.yml with recent
> vulnerabilities, and then with older vulnerabilities.
>
> FYI a few months ago, I generated the page manually, but quickly I
> realized that it's painful to compute all data and also to maintain
> manually such a list. My old page:
> http://haypo-notes.readthedocs.io/python_security.html
>
> Victor
>
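The computation described in the quoted message (fixed version and days vulnerable, per branch), as an added example that is not code from the python-security project. The data layout, the branch and version names, and the definition of "days vulnerable" as disclosure date to first fixed release are assumptions.

```python
from bisect import bisect_right
from datetime import date

# Constructed sample data; not taken from python_releases.txt or vulnerabilities.yml.
RELEASES = {
    "9.1": [("9.1.0", date(2016, 1, 10)), ("9.1.1", date(2016, 6, 20)),
            ("9.1.2", date(2016, 12, 5))],
    "9.2": [("9.2.0", date(2016, 3, 1)), ("9.2.1", date(2016, 7, 15))],
}
DISCLOSURE = date(2016, 5, 1)
FIX_COMMITS = {"9.1": date(2016, 5, 20), "9.2": date(2016, 8, 2)}


def first_fixed_release(branch_releases, commit_date):
    """Return (version, release_date) of the first release dated strictly
    after the fix commit, or None if no such release exists yet.

    Comparing dates is an approximation: a release cut on the same day as the
    commit may or may not contain it, so same-day releases are not counted.
    `git tag --contains <commit>` is the authoritative check.
    """
    ordered = sorted(branch_releases, key=lambda r: r[1])
    idx = bisect_right([d for _, d in ordered], commit_date)
    return ordered[idx] if idx < len(ordered) else None


def exposure_report(disclosure, fix_commits, releases):
    """Map each branch to its first fixed version and days vulnerable."""
    report = {}
    for branch, commit_date in fix_commits.items():
        fixed = first_fixed_release(releases.get(branch, []), commit_date)
        if fixed is None:
            # Fix is committed but unreleased: the exposure window is still open.
            report[branch] = {"fixed_in": None, "days_vulnerable": None}
            continue
        version, released = fixed
        # Assumption: a fix released before disclosure counts as 0 days.
        days = max((released - disclosure).days, 0)
        report[branch] = {"fixed_in": version, "days_vulnerable": days}
    return report


if __name__ == "__main__":
    for branch, row in exposure_report(DISCLOSURE, FIX_COMMITS, RELEASES).items():
        print(branch, row)
```
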