On 15. 02. 19 3:29, Larry Hastings wrote:
If you have anything you think needs to go into the next 3.5, or the final 3.4, and it's /not/ listed above, please either file a GitHub PR, file a release-blocker bug on bpo, or email me directly.

I've checked Fedora CVE bugs against python 3.4 and 3.5. Here is one missing I found:

CVE-2018-20406 https://bugs.python.org/issue34656
memory exhaustion in Modules/_pickle.c:1393
Marked as resolved, but I don't see it fixed on 3.5 or 3.4.

Should we get it fixed? openSUSE AFAK has backported the patch.

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to