[Python-Dev] bugs.python.org is down at the moment (503)
and had been for at least a few minutes, so it is not just you ;-)

---
Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.2.16 (Debian) Server at bugs.python.org Port 443

--
Terry Jan Reedy

___
Python-Dev mailing list
[email protected]
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] bugs.python.org is down at the moment (503)
Works for me, no problem.

On Tue, Jun 20, 2017 at 02:34:24PM -0400, Terry Reedy wrote:
> and had been for at least a few minutes, so it is not just you ;-)
>
> ---
> Service Temporarily Unavailable
>
> The server is temporarily unable to service your request due to maintenance
> downtime or capacity problems. Please try again later.
> Apache/2.2.16 (Debian) Server at bugs.python.org Port 443
> --
> Terry Jan Reedy

Oleg.
--
Oleg Broytman http://phdru.name/ [email protected]
Programmers don't die, they just GOSUB without RETURN.
Re: [Python-Dev] bugs.python.org is down at the moment (503)
On 6/20/2017 2:34 PM, Terry Reedy wrote:
> and had been for at least a few minutes, so it is not just you ;-)
>
> ---
> Service Temporarily Unavailable
>
> The server is temporarily unable to service your request due to maintenance
> downtime or capacity problems. Please try again later.
> Apache/2.2.16 (Debian) Server at bugs.python.org Port 443

Slightly slow, but working again.

--
Terry Jan Reedy
Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)
Hi,

Re: "[Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)"

2017-02-24 5:36 GMT+01:00 Steven D'Aprano:
> I am not qualified to judge the merits of this, but it does seem
> worrying that (allegedly) the Python security team hasn't responded for
> over 12 months.
>
> Is anyone able to comment?

I don't have the archives of the PSRT mailing list and I'm not sure that I was subscribed when "the" email was sent. Does someone have the date of this email? It's to complete the new entry in my doc:
http://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html#urllib-ftp-protocol-stream-injection

I don't want to blame anyone, I just want to collect data to help us to enhance our process to handle security vulnerabilities.

FYI I tried to take care of a few security vulnerabilities recently, and as expected, each issue is more tricky than expected :-)

While fixing http://bugs.python.org/issue30500 I noticed that urllib accepts newline characters in URLs. I don't know if it's deliberate or not... So I created a new issue http://bugs.python.org/issue30713

I updated expat from 2.1.1 to 2.2.0, but now the compilation fails in 2.7 on Windows with Visual Studio 2008. And just when I was done, expat 2.2.1 was released. I have to do the same job again :-)

Victor
Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)
I think that the first email about this was received from Timothy D. Morgan on 1/15/16. You should be able to get confirmation of this from Christian Heimes. I think that was a dark year for the PSRT.

On Tue, Jun 20, 2017 at 3:35 PM, Victor Stinner wrote:
> Hi,
>
> Re: "[Python-Dev] Python FTP Injections Allow for Firewall Bypass
> (oss-security advisory)"
>
> 2017-02-24 5:36 GMT+01:00 Steven D'Aprano:
> > I am not qualified to judge the merits of this, but it does seem
> > worrying that (allegedly) the Python security team hasn't responded for
> > over 12 months.
> >
> > Is anyone able to comment?
>
> I don't have the archives of the PSRT mailing list and I'm not sure
> that I was subscribed when "the" email was sent. Does someone have the
> date of this email? It's to complete the new entry in my doc:
> http://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html#urllib-ftp-protocol-stream-injection
>
> I don't want to blame anyone, I just want to collect data to help us
> to enhance our process to handle security vulnerabilities.
>
> FYI I tried to take care of a few security vulnerabilities recently,
> and as expected, each issue is more tricky than expected :-)
>
> While fixing http://bugs.python.org/issue30500 I noticed that urllib
> accepts newline characters in URLs. I don't know if it's deliberate or
> not... So I created a new issue http://bugs.python.org/issue30713
>
> I updated expat from 2.1.1 to 2.2.0, but now the compilation fails in
> 2.7 on Windows with Visual Studio 2008. And just when I was done,
> expat 2.2.1 was released. I have to do the same job again :-)
>
> Victor

--
--Guido van Rossum (python.org/~guido)
Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)
Thank you. Now you can admire the beautiful timeline :-)

http://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html#timeline

Timeline using the disclosure date 2017-02-20 as reference:

2016-01-15 (-402 days): Reported (email sent to the PSRT list)
2017-02-20: Disclosure date (blog post, mail to oss-security)
2017-02-20 (+0 days): Python issue #29606 reported by ecbftw

2017-06-21 1:06 GMT+02:00 Guido van Rossum:
> I think that the first email about this was received from Timothy D. Morgan
> on 1/15/16. You should be able to get confirmation of this from Christian
> Heimes. I think that was a dark year for the PSRT.
>
> On Tue, Jun 20, 2017 at 3:35 PM, Victor Stinner wrote:
>>
>> Hi,
>>
>> Re: "[Python-Dev] Python FTP Injections Allow for Firewall Bypass
>> (oss-security advisory)"
>>
>> 2017-02-24 5:36 GMT+01:00 Steven D'Aprano:
>> > I am not qualified to judge the merits of this, but it does seem
>> > worrying that (allegedly) the Python security team hasn't responded for
>> > over 12 months.
>> >
>> > Is anyone able to comment?
>>
>> I don't have the archives of the PSRT mailing list and I'm not sure
>> that I was subscribed when "the" email was sent. Does someone have the
>> date of this email? It's to complete the new entry in my doc:
>>
>> http://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html#urllib-ftp-protocol-stream-injection
>>
>> I don't want to blame anyone, I just want to collect data to help us
>> to enhance our process to handle security vulnerabilities.
>>
>> FYI I tried to take care of a few security vulnerabilities recently,
>> and as expected, each issue is more tricky than expected :-)
>>
>> While fixing http://bugs.python.org/issue30500 I noticed that urllib
>> accepts newline characters in URLs. I don't know if it's deliberate or
>> not... So I created a new issue http://bugs.python.org/issue30713
>>
>> I updated expat from 2.1.1 to 2.2.0, but now the compilation fails in
>> 2.7 on Windows with Visual Studio 2008. And just when I was done,
>> expat 2.2.1 was released. I have to do the same job again :-)
>>
>> Victor
>
> --
> --Guido van Rossum (python.org/~guido)
