[EMAIL PROTECTED] wrote:
> On Oct 7, 9:27 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
>> In principle, the release will include all changes that are already on
>> the release25-maint branch in subversion [1]. If you think that specific
>> changes should be considered, please create an issue in the bug tracker
>> [2], and label it with the 2.5.3 version. Backports of changes that
>> are already released in Python 2.6 but may apply to 2.5 are of
>> particular interest.
>
> There are a number of Python 2.5.2 security vulnerabilities registered
> with CVE. It would be great if the 2.5.3 release included fixes for
> all of these!
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144

This references
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
both of which report fixes backported to 2.5.3.

I will let you investigate whether the same is true of the rest, or
whether someone should be nudged to either report or submit a patch
or help review a patch.

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
>
> For some reason none of these have made it into Python security
> advisories (http://www.python.org/news/security/), but many vendors
> who ship Python have released patched versions already.

Presumably, none were considered really critical, or the volunteer core
developers were busy doing something else. Also, release schedules differ.