Martin Schulze wrote:
I'd rather know about the vulnerability (and maybe doko is able to implement a fix) than to blindly castrate software. Theo d.R. already taught us that blindly releasing updates are not good.
Here's some relevant links for the bugs:
Deleting __builtins__: http://python.org/sf/577530
Modifying new-style classes: http://mail.python.org/pipermail/python-dev/2002-December/031160.html
Final thread about dropping rexec: http://mail.python.org/pipermail/python-dev/2003-January/031842.html
Please note that the two bugs described above are only the two *known* bugs - nobody knows how many other bugs there are in rexec.
--
"Hanging is too good for a man who makes puns; he should be drawn and quoted."
-- Fred Allen