[EMAIL PROTECTED] wrote:
> On Oct 7, 9:27 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
>> In principle, the release will include all changes that are already on
>> the release25-maint branch in subversion [1]. If you think that specific
>> changes should be considered, please create an issue in the bug tracker
>> [2], and label it with the 2.5.3 version. Backports of changes that
>> are already released in Python 2.6 but may apply to 2.5 are of
>> particular interest.
>
> There is a number of Python 2.5.2 security vulnerabilities registered
> with CVE. It would be great if the 2.5.3 release included fixes for
> all of these!
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679

Yes!

> For some reason none of these have made it into Python security
> advisories (http://www.python.org/news/security/), but many vendors
> who ship Python have released patched versions already.

Yes, this is strange. I asked for this a couple of weeks ago. That the
upstream release is behind the packages shipped by vendors regarding
security patches is pretty poor.

Ciao, Michael.