On 2/25/14, Victor Stinner <victor.stin...@gmail.com> wrote:
> Hi,
>
> 2014-02-25 8:53 GMT+01:00 Nick Coghlan <ncogh...@gmail.com>:
>> I've checked these, and noted the relevant hg.python.org links on the
>> tracker issue at http://bugs.python.org/issue20246
>
> Would it be possible to have a table with all known Python security
> vulnerabilities and the Python versions which are fixed? Bonus point
> if we provide a link to the changeset fixing it for each branch. Maybe
> put this table on http://www.python.org/security/ ?

For http://www.python.org/security/ :

Here's a start at an issue tracker query for open and closed issues
with 'Type: Security':
http://bugs.python.org/issue?%40search_text=&ignore=file%3Acontent&title=&%40columns=title&id=&%40columns=id&stage=&creation=&%40sort=creation&creator=&activity=&%40columns=activity&actor=&nosy=&type=4&components=&versions=&%40columns=versions&dependencies=&assignee=&keywords=&priority=&%40group=priority&status=&%40columns=status&resolution=&nosy_count=&message_count=&%40pagesize=200&%40startwith=0&%40action=search

Here's a list of filed CVEs with Python in the vendor field:
http://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html

When referring to security issues, it may be helpful to reference the
CVE codes and tracker IDs.

>
> Last issues:
> - hash DoS
> - sock.recvfrom_into()
> - DoS with very long lines in HTTP, FTP, etc. protocols
> - etc.
>
> Victor
> _______________________________________________
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> https://mail.python.org/mailman/options/python-dev/wes.turner%40gmail.com
>

--
-- Wes Turner