On 25 February 2014 17:39, Christian Heimes <christ...@python.org> wrote:
> Hi,
>
> this looks pretty serious -- and it caught me off guard, too. :(
>
> https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
>
> Next time please inform the Python Security Response Team about any
> and all issues that are related to buffer overflows or similar bugs.
> In fact, please drop a note about anything that even remotely looks like
> an exploitable issue. Even public bug reports should be forwarded to PSRT.
>
> I have requested a CVE number. How about security releases? The
> upcoming 3.3 and 3.4 releases should contain the fix (not verified
> yet).

I've checked these, and noted the relevant hg.python.org links on the
tracker issue at http://bugs.python.org/issue20246

> Python 2.7 to 3.2 will need a security release, though.

Agreed.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncogh...@gmail.com   |   Brisbane, Australia