[issue16248] Security bug in tkinter allows for untrusted, arbitrary code execution.
Zachary Ware
report at bugs.python.org
Thu Aug 8 04:46:24 CEST 2013
Zachary Ware added the comment:
Antoine Pitrou wrote:
> I've committed a fix to 2.7 (I hope it's really a fix, since I don't know how to test it).
> I'll let Benjamin and Barry decide whether to backport to 2.6 and 3.2.
> As for 3.1, it's pretty much dead.
That fix does work, but it should probably get a NEWS entry since it fixes a regression from 2.7.3 to 2.7.5.
Also, I think the same fix should be backported to all three of 2.6, 3.1, and 3.2. The same regression as in 2.7.5 exists in 3.2.5, and would be introduced by the next (last?) releases of 2.6 and 3.1.
Sorry to have broken every possible version of Python :S
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
More information about the Python-bugs-list
mailing list