Hi,

On Wednesday 07 February 2018 12:54 PM, Brian May wrote:
>
> Hello,
>
> I see you have claimed Python2.7 but not Python2.6, which both have the
> same vulnerability. CVE-2018-1000030
>
> Upstream have decided that this is not a security issue, and it has been
> marked no-DSA in Jessie and Stretch. https://bugs.python.org/issue31530
>
> Do you have any objections to marking python2.6 and python2.7 as no-DSA
> in wheezy too?
>
> Regards
>

No, I don't have any objection. :) I tried to reproduce this CVE with the given POC from the upstream bug report. But 8 out of 10 I didn't see any. As the security team already marked it as no-dsa, we can do the same.