[Python-Dev] FWD: Python execvpe symlink race condition.
logistix
logi.stix@verizon.net
Sun, 16 Feb 2003 16:45:17 -0500
> -----Original Message-----
> From: python-dev-admin@python.org [mailto:python-dev-admin@python.org]
On
> Behalf Of Guido van Rossum
>
> > I glanced at the Debian bug report and saw that it was reporting an
> > exploit against 2.1.3. I see some value in doing a 2.1.4 release,
> > but not enough value to justify the work.
>
> Same here.
>
Shouldn't there be at least some notification to the community at large?
Something that requires the least amount of work possible short of doing
nothing at all. Like a notice that 2.1.3 has known security
vulnerabilities, and the recommended fix is to upgrade to 2.2.2 posted
on http://www.python.org/2.1/ , http://www.python.org/2.1.3/ and
python-announce. And possibly a python-security list for the future
that security minded people can subscribe to.