Serhiy Storchaka added the comment:
Please review.
--
keywords: +needs review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13454
___
___
Changes by Serhiy Storchaka storch...@gmail.com:
--
nosy: -serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15114
___
___
Changes by Serhiy Storchaka storch...@gmail.com:
--
nosy: -serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16076
___
___
Roundup Robot added the comment:
New changeset 639dd6e62de4 by Andrew Svetlov in branch '2.7':
Issue #1207589: Add Cut/Copy/Paste items to IDLE right click Context Menu
http://hg.python.org/cpython/rev/639dd6e62de4
New changeset 66643fcf6ee9 by Andrew Svetlov in branch '3.2':
Issue #1207589:
Andrew Svetlov added the comment:
Committed. Thanks to all.
Keeping in mind idlelib is a bit specific part of stdlib which cannot make
backward incompatibility I've committed to 2.7, 3.2, 3.3 and 3.4.
--
resolution: accepted - fixed
stage: patch review - committed/rejected
status: open
Guilherme Polo added the comment:
It is not IDLE specific. But I still fail to see how this actually is a
security bug. It doesn't give more power to the user than the user already
gave to it. If you are recklessly installing untrusted libraries or
anything for the matter, then you already have
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file:
http://bugs.python.org/file25407/zipfile_unsupported_compression.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14313
___
Serhiy Storchaka added the comment:
Éric, this changes already in 3.3 (changeset 596b0eaeece8 + part of changeset
fccdcd83708a). This two patches only backport the fix to 2.7 and 3.2.
--
versions: -Python 3.3, Python 3.4
___
Python tracker
Serhiy Storchaka added the comment:
LGTM. But I left some minor comments in Rietveld.
--
nosy: +larry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
___
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file: http://bugs.python.org/file27424/json_errmsg.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16009
___
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file: http://bugs.python.org/file27425/json_errmsg_2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16009
___
Stefan Krah added the comment:
I also don't find the scenario where an attacker has write privileges
to a user's home directory so disturbing -- there are juicier targets
(like .bashrc).
This constructed example using /tmp is a little more troubling:
$ cd /tmp
$ echo 'print(exploit)' .Tk.py
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file: http://bugs.python.org/file27433/json_errmsg_3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16009
___
Serhiy Storchaka added the comment:
Patch updated. Fixed a debug artifact and a deprecation warning.
--
Added file: http://bugs.python.org/file27833/json_errmsg_4.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16009
Changes by Serhiy Storchaka storch...@gmail.com:
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Serhiy Storchaka storch...@gmail.com:
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
___
___
Python-bugs-list mailing list
Unsubscribe:
Serhiy Storchaka added the comment:
Hmm. Is it a bugtracker bug? I don't know how I added Larry to the nosy list
and now I can not remove him.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
Changes by R. David Murray rdmur...@bitdance.com:
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
___
___
Python-bugs-list mailing list
Unsubscribe:
R. David Murray added the comment:
I don't know. I was able to remove him. (I have javascript turned off, don't
know if that makes any difference).
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
Arfrever Frehtes Taifersar Arahesis added the comment:
Probably Versions=Python 3.4 + Priority=release blocker results in addition
of 3.4 Release Manager (Larry Hastings) to nosy list.
--
___
Python tracker rep...@bugs.python.org
Serhiy Storchaka added the comment:
About patch. I think with is unnecessary here. One-line
self.assertRaises(UnicodeEncodeError, self.dumps, ch) looks better for me.
--
stage: - needs patch
___
Python tracker rep...@bugs.python.org
Changes by Andrew Svetlov andrew.svet...@gmail.com:
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15767
___
___
Larry Hastings added the comment:
Roundup knows I'm the release manager for 3.4? It's well-informed! ;-)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16145
___
Changes by Kevin Chen mr.kevin.chen...@gmail.com:
--
nosy: +kevin.chen
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15880
___
___
Serhiy Storchaka added the comment:
This behavior reproduced only on 2.7. See issue5799 which changed the behavior
for 3.1.
--
nosy: +larry, mhammond, serhiy.storchaka
versions: -Python 3.2, Python 3.3
___
Python tracker rep...@bugs.python.org
Changes by Zachary Ware zachary.w...@gmail.com:
Added file: http://bugs.python.org/file27834/issue15067_2.7_dead_pep.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15067
___
Changes by Zachary Ware zachary.w...@gmail.com:
Added file:
http://bugs.python.org/file27835/issue15067_2.7_sql_capitalization.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15067
___
Changes by Zachary Ware zachary.w...@gmail.com:
Added file: http://bugs.python.org/file27836/issue15067_3.2_updates.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15067
___
Zachary Ware added the comment:
Ok then, here's the split patches. 3.2_updates does have a few SQL
capitalization changes, but most of those are already present in 2.7, and
splitting out the rest would be more work than it's worth, I think.
--
Added file:
Ramchandra Apte added the comment:
On 2 November 2012 01:48, Stefan Krah rep...@bugs.python.org wrote:
Stefan Krah added the comment:
Isn't IDLE supposed to be a Python shell? As I understand this issue,
you'd have the same exploit by adding this to your .bashrc:
echo EXPLOIT
Ramchandra Apte added the comment:
Yes.
most of the bare excepts can be replaced with a stricter clause
On 2 November 2012 01:06, Andrew Svetlov rep...@bugs.python.org wrote:
Andrew Svetlov added the comment:
Sorry, looks like I don't understood you correctly.
Do you want to replace
101 - 131 of 131 matches
Mail list logo
