[Python-Dev] CVE tracking

Brett Cannon brett at python.org
Mon Nov 24 20:28:12 CET 2008


On Mon, Nov 24, 2008 at 10:43, Mart Somermaa <mrts at mrts.pri.ee> wrote:

When I looked through that list a week or so ago, I noticed that some issues were obviously related to the Python distribution itself, but others appeared to be Python application problems. I looked through the list now and weeded out irrelevant CVEs (by putting them into the ignore list in the script). Also, now the output has descriptions of the CVEs as well, so it's more readable. Improved output: http://dpaste.com/hold/93386/ Improved script (with a proper IGNOREDLIST): http://dpaste.com/hold/93388/ The results are much better: 5 OK's, 8 WARNings, 7 ERRORs. Most of the errors are from 2007 or before, the only error from 2008 is an obscure Tools/faqwiz/move-faqwiz.sh-related one.

Thanks for doing this, Mart! But I know that at least for me I won't be able to look at the list until some time after 3.0 is released. And I suspect I am not the only member of the PSRT that this will be true for.

If anyone wants to toss this list up on the wiki and go through to help figure out what is needed for each (and either update the CVE as needed or file an issue on the bug tracker mentioning the CVE; bonus if you fix it as well) that would be helpful.

-Brett
