Fredrik Lundh wrote: > [EMAIL PROTECTED] wrote: > > > Then perhaps you or he could explain it to us less intelligent > > people in very simple terms? > > the security advisory explains that the cause of the problem is a bug > in the source code used to implement repr() for 32-bit Unicode strings, > on all Python versions from 2.2 and onwards. > > Python 2.2 was released in 2001.
I admit I am totally flmmexed by your answer. What does when the bug was introduced have to do with anything? It is present in contemporary versions of Python. It "can lead to execution of arbitrary code". It is important enough to drive an "emergency" (my term) bug fix python release. It seems to have been disscussed publically starting around Oct 6 or 7 (I didn't do a though search so this may be wrong.) It was fixed in Python 2.5 so either it was treated as a ordinary bug with unrecognised security implications, or the developers were aware of the security issues and sat on them. Regardless, I don't see anything in the advisory that either makes it an unimportant issue, or makes clearly unrelated to the starship.python.net compromise. So could you please try to explain again in even simpler terms? -- http://mail.python.org/mailman/listinfo/python-list
