Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
-- http://mail.python.org/mailman/listinfo/python-list
