Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
Can someone point me to the official catalog of security vulnerabilities in
Python (by which I mean cpython and the standard libraries)? I found
https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html
but that isn't maintained by python.org. I also found
security-annou...@python.org, but there hasn't been anything posted there
in over a year as far as I can tell, and even before that it's pretty thin.

If there's a better place to ask, please advise.

Thanks.

-- 
Bob Kline
https://www.rksystems.com
mailto:bkl...@rksystems.com
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
On Fri, Jul 14, 2023 at 1:35 PM Bob Kline  wrote:

> Can someone point me to the official catalog of security vulnerabilities
> in Python 

I did try entering "python security vulnerabilities" in the search box
of the python.org web site, but what I got back was "No results
found."


Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
On Fri, Jul 14, 2023 at 3:02 PM Barry  wrote:

> Where do you get your python from?

Directly from python.org.

> You may find that the organisation that packages python that you use has such 
> a list.

That's my hope. Just haven't found it yet. :-}


Re: Canonical list of Python security vulnerabilities

2023-07-15 Thread Bob Kline via Python-list
On Sat, Jul 15, 2023 at 1:02 PM Dieter Maurer  wrote:
>
> I am active in the `Zope` community (a web application server
> based on Python). This community has a security mailing list
> for security related reports
> and issues public CVE (= "Common Vulnerabilities and Exposures") reports
> (via a "GitHub" service) as soon as a security risk has been resolved.
>
> I expect that security risks for Python itself are handled in
> a similar way (as, Python too, maintains its code on "GitHub").

Yes, the Python community does have a security mailing list, but as I
noted earlier, it appears to be moribund. And yes, the cpython GitHub
repository does have a security tab, but it reports "There aren’t any
published security advisories."

> ...
> For details about CVE, read
> "https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures".

Thanks for the link, Dieter. I found the NIST search interface to be
buggy, and there doesn't seem to be a way to search the Mitre site
effectively to get vulnerabilities just for the Python language and
standard libraries. I've downloaded the entire corpus of JSON CVEs and
I'm digging into what would be involved in querying it myself.

Cheers,
Bob
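The local query Bob says he is looking into, as an added example that is not code from the thread: a filter over a downloaded directory of CVE JSON 5.x records (the cvelistV5 layout, cves/<year>/<bucket>/CVE-*.json) that keeps only published entries whose CNA-declared affected vendor/product pair matches CPython. The (vendor, product) strings in the allowlist are assumptions about how CNAs name CPython and should be tuned against the real corpus; the embedded sample records are constructed placeholders, not real CVEs.

```python
"""Filter a local dump of CVE JSON 5.x records for CPython entries.

Added example, not from the python-list thread.  Assumes the cvelistV5
record layout: cveMetadata.cveId / .state, containers.cna.affected[]
with .vendor and .product, containers.cna.descriptions[].value.
"""
import json
import os
from typing import Iterable, Iterator

# Constructed sample records in JSON 5.x shape.  The IDs are placeholders
# and the text describes no real vulnerability.
SAMPLE_RECORDS = [
    {
        "cveMetadata": {"cveId": "CVE-0000-0001", "state": "PUBLISHED"},
        "containers": {"cna": {
            "affected": [{"vendor": "Python Software Foundation",
                          "product": "CPython",
                          "versions": [{"version": "0", "status": "affected",
                                        "lessThan": "3.12.0"}]}],
            "descriptions": [{"lang": "en",
                              "value": "Constructed record: stdlib example."}],
        }},
    },
    {
        "cveMetadata": {"cveId": "CVE-0000-0002", "state": "PUBLISHED"},
        "containers": {"cna": {
            "affected": [{"vendor": "example", "product": "python-widgets"}],
            "descriptions": [{"lang": "en",
                              "value": "Constructed record: third-party package."}],
        }},
    },
    {
        "cveMetadata": {"cveId": "CVE-0000-0003", "state": "REJECTED"},
        "containers": {"cna": {"affected": [], "descriptions": []}},
    },
]

# Lower-cased (vendor, product) pairs treated as CPython itself.  These are
# assumptions about CNA naming, not values taken from the CVE list.
VENDOR_PRODUCT_ALLOWLIST = {
    ("python software foundation", "cpython"),
    ("python software foundation", "python"),
    ("python", "python"),
}


def iter_records(root: str) -> Iterator[dict]:
    """Yield every CVE-*.json record found under root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.startswith("CVE-") and name.endswith(".json"):
                with open(os.path.join(dirpath, name), encoding="utf-8") as fh:
                    yield json.load(fh)


def affected_pairs(record: dict) -> list[tuple[str, str]]:
    """Return lower-cased (vendor, product) pairs the CNA listed as affected."""
    cna = record.get("containers", {}).get("cna", {})
    pairs = []
    for entry in cna.get("affected", []):
        vendor = (entry.get("vendor") or "").strip().lower()
        product = (entry.get("product") or "").strip().lower()
        pairs.append((vendor, product))
    return pairs


def is_cpython(record: dict) -> bool:
    """True when any affected pair is in the allowlist.  Matching on the
    substring 'python' alone would also pull in third-party python-* packages."""
    return any(pair in VENDOR_PRODUCT_ALLOWLIST for pair in affected_pairs(record))


def english_description(record: dict) -> str:
    """First English description text, or '' when the record has none."""
    cna = record.get("containers", {}).get("cna", {})
    for desc in cna.get("descriptions", []):
        if desc.get("lang", "").lower().startswith("en"):
            return desc.get("value", "")
    return ""


def find_cpython_cves(records: Iterable[dict]) -> list[dict]:
    """Keep PUBLISHED records that match the allowlist, newest ID first."""
    hits = []
    for rec in records:
        meta = rec.get("cveMetadata", {})
        if meta.get("state") != "PUBLISHED" or not is_cpython(rec):
            continue
        hits.append({"id": meta.get("cveId", ""),
                     "affected": affected_pairs(rec),
                     "description": english_description(rec)})
    hits.sort(key=lambda h: h["id"], reverse=True)
    return hits


if __name__ == "__main__":
    import sys
    source = iter_records(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RECORDS
    for hit in find_cpython_cves(source):
        print(hit["id"], hit["affected"], hit["description"][:80])
```

Run it as `python cve_filter.py /path/to/cvelistV5/cves` to scan a real checkout; with no argument it runs over the constructed records. Two caveats: CNA naming is inconsistent, so check the vendor/product strings that actually appear in the dump before trusting the allowlist, and records still in the older JSON 4.0 layout (CVE_data_meta / affects) are not parsed by this filter.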