On 25 February 2014 17:39, Christian Heimes <christian at python.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> this looks pretty serious -- and it caught me off guard, too. :(
>
> https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
>
> Next time please inform the Python Security Response Team about any
> and all issues that are related to buffer overflows or similar bugs.
> In fact please drop a note about anything that even remotely looks like
> an exploitable issue. Even public bug reports should be forwarded to PSRT.
>
> I have requested a CVE number. How about security releases? The
> upcoming 3.3 and 3.4 release should contain the fix (not verified
> yet).

I've checked these, and noted the relevant hg.python.org links on the
tracker issue at http://bugs.python.org/issue20246

> Python 2.7 to 3.2 will need a security release, though.

Agreed.

Cheers,
Nick.

--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia