[Security-sig] New report of Python vulnerabilities
Victor Stinner
victor.stinner at gmail.com
Fri Mar 10 08:25:57 EST 2017
Hi,
I made major enhancements in my tool to generate reports on Python
vulnerabilities.
* A timeline is now automatically generated using the different dates:
initial report date, disclosure date, commits, Python releases, etc.
* CVE details are now downloaded automatically, so it's not more
filled manually in the YAML file.
* Each vulnerability has now its own page
Good example showing everything altogether, the Sweet32 attack:
http://python-security.readthedocs.io/vuln/cve-2016-2183_sweet32_attack_des_3des.html
The next step is to make sure that all maintained branches got a fix!
I should enhance the tool to compute the list of vulnerable Python
versions.
Victor
More information about the Security-SIG
mailing list