Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2008-November/083628.html below:

[Python-Dev] CVE tracking

• Previous message: [Python-Dev] [Python-3000] 2.6.1 and 3.0
• Next message: [Python-Dev] CVE tracking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

Does someone systematically track the CVE vulnerability list?

Ideally, Python security officers would have close collaboration with 
whoever
manages CVE (like distribution security officers do), so that

 * every CVE issue would have a corresponding ticket on Python bug tracker
   (perhaps the process can be automated to some degree?)

 * that ticket would be referred to in CVE vulnerability page "References"
   section (see e.g.
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 ,
   that does not have a corresponding Python bug tracker link)

 * all CVE issues would be listed in 
http://www.python.org/news/security/ with
   corresponding information about when the fix has been or will be commited
   and which upcoming or past release incorporates it.

Some relevant links:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python
http://secunia.com/advisories/product/14172/?task=advisories

• Previous message: [Python-Dev] [Python-3000] 2.6.1 and 3.0
• Next message: [Python-Dev] CVE tracking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4