On Saturday 03 July 2010 12:17:16, Mark Dickinson wrote:
> On Sat, Jul 3, 2010 at 4:28 AM, Benjamin Peterson <benjamin at python.org> wrote:
> > This is just a note that we have one bug blocking 2.7 final at the
> > moment: http://bugs.python.org/issue9144
>
> I've just made http://bugs.python.org/issue7673 a release blocker too,
> I'm afraid. It's a potential security vulnerability in the audioop
> module.

(CVE-2010-2089)

At least, Fedora consider it as a security vulnerability:
https://bugzilla.redhat.com/show_bug.cgi?id=598197

I agree because the crash is caused by the input data.

> It's got a reviewed patch, and is ready to be committed

Thanks because my first patch was incomplete :-)

> but if you're not comfortable with fixing it this late
> then that's completely understandable.

In the worst case, a function rejects valid data. If I have to choose, I prefer to reject valid data than a security vulnerability. But audioop has tests and I don't think that my patch breaks anything :-)

--
Victor Stinner
http://www.haypocalc.com/