[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Wes Turner wes.turner at gmail.com
Wed Feb 26 06:33:09 CET 2014


On 2/25/14, Victor Stinner <victor.stinner at gmail.com> wrote:
> Hi,
>
> 2014-02-25 8:53 GMT+01:00 Nick Coghlan <ncoghlan at gmail.com>:
>> I've checked these, and noted the relevant hg.python.org links on the
>> tracker issue at http://bugs.python.org/issue20246
>
> Would it be possible to have a table with all known Python security
> vulnerabilities and the Python versions which are fixed? Bonus point
> if we provide a link to the changeset fixing it for each branch. Maybe
> put this table on http://www.python.org/security/ ?

For http://www.python.org/security/ :

Here's a start at an issue tracker query for open and closed issues
with 'Type: Security':

http://bugs.python.org/issue?%40search_text=&ignore=file%3Acontent&title=&%40columns=title&id=&%40columns=id&stage=&creation=&%40sort=creation&creator=&activity=&%40columns=activity&actor=&nosy=&type=4&components=&versions=&%40columns=versions&dependencies=&assignee=&keywords=&priority=&%40group=priority&status=&%40columns=status&resolution=&nosy_count=&message_count=&%40pagesize=200&%40startwith=0&%40action=search

Here's a list of filed CVEs with Python in the vendor field:

http://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html

When referring to security issues, it may be helpful to reference the
CVE codes and tracker IDs.

>
> Last issues:
> - hash DoS
> - sock.recvfrom_into()
> - DoS with very long lines in HTTP, FTP, etc. protocols
> - etc.
>
> Victor


-- 
Wes Turner

