[Security-sig] HTML page of Python security vulnerabilities
Victor Stinner
victor.stinner at gmail.com
Mon Feb 20 19:00:11 EST 2017
Hi,
I fixed all FIXMEs and "completed" the list:
http://python-security.readthedocs.io/en/latest/vulnerabilities.html
IMHO the main missing information is the severity, but sadly I'm not
aware of any methodology in Python to choose a severity. Maybe we
would use the CVE severity when available?
Currently, the worst score is 881 days to fix a vulnerability. Many
"unlimited read" vulnerabilities got a bad score like that:

CVE-2013-1752 (smtplib)
Issue #16041: poplib: unlimited readline() from connection.
Issue #16043: Add a default limit for the amount of data
xmlrpclib.gzip_decode will return.
Fixed In:
2.7.9 (806 days): 2014-12-10, commit faad6bb (2014-12-06, 802 days)
3.2.6 (746 days): 2014-10-11, commit eaca861 (2014-09-30, 735 days)
3.4.3 (881 days): 2015-02-23, commit eaca861 (2014-09-30, 735 days)
Victor
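The "unlimited read" class the message refers to (a readline() with no size bound, a gzip decode with no output bound) is easy to see in code. The block below is an added example, not part of Victor's message and not CPython's own poplib or xmlrpclib patches: it shows each vulnerable shape beside a bounded version, with deliberately small limits (MAX_LINE, MAX_DECODE) and constructed inputs chosen for the demo. The exception names and the demo() helper are assumptions introduced here.

```python
import gzip
import io
import zlib

# Limits are deliberately tiny so the demo trips them; they are assumptions
# for this example, not values taken from any Python release.
MAX_LINE = 64        # bytes per protocol line, including CRLF
MAX_DECODE = 1024    # bytes of decompressed output


class LineTooLong(ValueError):
    """A protocol line exceeded the limit without a terminator."""


class DecodedTooLarge(ValueError):
    """A gzip payload expanded past the decode limit."""


def unbounded_readline(stream):
    """Vulnerable pattern: readline() with no size argument reads until it
    sees b'\\n', so the peer decides how much memory this call allocates."""
    return stream.readline()


def bounded_readline(stream, limit=MAX_LINE):
    """Hardened pattern: ask for at most limit+1 bytes, so readline() returns
    even when no newline arrives, then reject anything longer than limit."""
    line = stream.readline(limit + 1)
    if len(line) > limit:
        raise LineTooLong("line longer than %d bytes" % limit)
    return line


def gzip_decode_unbounded(data):
    """Vulnerable pattern: a few hundred compressed bytes may expand to
    gigabytes, and all of it is materialised in memory."""
    return gzip.decompress(data)


def gzip_decode_bounded(data, max_decode=MAX_DECODE):
    """Hardened pattern: decompress at most max_decode+1 bytes, so memory use
    is bounded by the limit rather than by the attacker's payload."""
    with gzip.GzipFile(fileobj=io.BytesIO(data), mode="rb") as gzf:
        try:
            decoded = gzf.read(max_decode + 1)
        except (OSError, EOFError, zlib.error) as exc:
            raise ValueError("invalid gzip data") from exc
    if len(decoded) > max_decode:
        raise DecodedTooLarge("decompressed payload longer than %d bytes"
                              % max_decode)
    return decoded


def make_gzip_bomb(expanded_size):
    """Constructed hostile input: a highly compressible payload that expands
    to expanded_size bytes."""
    return gzip.compress(b"\x00" * expanded_size)


def demo():
    """Run both patterns on a friendly and a hostile input; return the length
    each produced, or the name of the exception the bounded version raised."""
    def outcome(fn, *args):
        try:
            return len(fn(*args))
        except (LineTooLong, DecodedTooLarge) as exc:
            return type(exc).__name__

    friendly_line = b"+OK POP3 server ready\r\n"       # constructed
    hostile_line = b"A" * 100_000                      # constructed, no newline
    friendly_gz = gzip.compress(b"<methodResponse/>")  # constructed
    bomb = make_gzip_bomb(1_000_000)                   # constructed, ~1 KB on the wire

    return {
        "unbounded_line": outcome(unbounded_readline, io.BytesIO(hostile_line)),
        "bounded_line": outcome(bounded_readline, io.BytesIO(hostile_line)),
        "bounded_line_ok": outcome(bounded_readline, io.BytesIO(friendly_line)),
        "unbounded_gzip": outcome(gzip_decode_unbounded, bomb),
        "bounded_gzip": outcome(gzip_decode_bounded, bomb),
        "bounded_gzip_ok": outcome(gzip_decode_bounded, friendly_gz),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of reading limit+1 rather than limit is that it distinguishes "exactly at the limit" from "longer than the limit" without a second read; the same trick bounds the gzip case, where the only memory touched is the limit plus one byte, however large the payload would have expanded.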