Martin v. Löwis wrote:
>> I would like to apply fixes for some CVEs which are addressed in 2.5 but not
>> yet in 2.4. this would include
>>
>> CVE-2007-4965
>> CVE-2008-1679
>> CVE-2008-1721
>> CVE-2008-2315
>> CVE-2008-3144
>> CVE-2008-1887
>> CVE-2008-4864
>
> Can you identify the revisions that would need backporting?
>
> I could only find (trunk revisions)
> CVE-2007-4965: r65880
> CVE-2008-1721: r62235, issue2586
> CVE-2008-3144: issue2588, issue2589, r63734, r63728.
> CVE-2008-1887: issue2587, r62261, r62271
> CVE-2008-4864: r66689
>
> So what about
>
> CVE-2008-1679: claimed to be issue1179 in the CVE, but
> that says it fixes CVE-2007-4965 only?

the original fix for CVE-2007-4965 did miss two chunks, which are included in
r65878 on the 2.5 branch.

> CVE-2008-2315

this is r65334 on the 2.5 branch and r65335 on the trunk:

    Security patches from Apple: prevent int overflow when allocating memory

this was already checked in, with an added NEWS item in 2.4.5. Moved this to
2.4.6.

> In principle, this is fine with me, so go ahead.

Done.