Control: forwarded -1 https://github.com/davidhalter/parso/issues/75
I wonder if this is going to pan out like CVE-2014-3539...unpatched upstream for five years. But on the upside, it's more difficult to exploit and lower severity.

On a related note, could Rope's "signature verification [for] pickled data" form the basis of a solution?

https://github.com/python-rope/rope/commit/b01da7aab5cd02129941d2a900e6e5e3b5f7d4fb

Alternatively, if Debian doesn't have any network-enabled packages that use Parso, could the severity of this bug be lowered?

Cheers,
Nicholas
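The idea raised in the message above, authenticating a pickled cache file before it is deserialized, shown as an added example; it is not part of the original message and is not Rope's or Parso's code. The key file location, the on-disk layout (HMAC tag followed by the pickle bytes) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class CacheTampered(Exception):
    """Raised when a cache file fails authentication; nothing is unpickled."""


def load_or_create_key(path):
    """Return the per-user secret key (hypothetical path), creating it 0600."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except FileNotFoundError:
        key = os.urandom(32)
        # O_EXCL: refuse to write through a file someone else pre-created.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(key)
        return key


def dump_signed(obj, path, key):
    """Write tag || pickle so the reader can authenticate before parsing."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    with open(path, "wb") as fh:
        fh.write(tag + payload)


def load_signed(path, key):
    """Verify the tag in constant time; call pickle.loads only on success."""
    with open(path, "rb") as fh:
        blob = fh.read()
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
        raise CacheTampered(path)
    return pickle.loads(payload)
```

The check only helps when the key file cannot be read or written by whoever is able to write to the cache directory.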