[Python-Dev] CVE tracking (original) (raw)
Mart Somermaa mrts at mrts.pri.ee
Thu Nov 20 10:37:31 CET 2008
- Previous message: [Python-Dev] [Python-3000] 2.6.1 and 3.0
- Next message: [Python-Dev] CVE tracking
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello!
Does someone systematically track the CVE vulnerability list?
Ideally, Python security officers would have close collaboration with whoever manages CVE (like distribution security officers do), so that
every CVE issue would have a corresponding ticket on Python bug tracker (perhaps the process can be automated to some degree?)
that ticket would be referred to in CVE vulnerability page "References" section (see e.g. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 , that does not have a corresponding Python bug tracker link)
all CVE issues would be listed in http://www.python.org/news/security/ with corresponding information about when the fix has been or will be commited and which upcoming or past release incorporates it.
Some relevant links: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python http://secunia.com/advisories/product/14172/?task=advisories
- Previous message: [Python-Dev] [Python-3000] 2.6.1 and 3.0
- Next message: [Python-Dev] CVE tracking
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]