Fredrik Lundh wrote: > Shane Hathaway wrote: > > > I don't know if this concern applies to Starship specifically, but it > > seems to apply to thousands of web sites running Python CGIs and > > Python web servers. > > so are we seeing thousands of web sites running Python CGIs and web > servers being attacked right now?
No, but it often takes a long time for servers to get patched, so the window for intruders is going to be open for a while. I'm trying to understand: a) how urgent and/or exploitable this is, b) how I can check whether a given Python installation (running on a server) has been patched, and c) whether the security advisory downplays the risk more than it should, since it appears that many Zope/Plone web servers are vulnerable. Shane -- http://mail.python.org/mailman/listinfo/python-list