[Python-Dev] Report on Python vulnerabilities
Victor Stinner
victor.stinner at gmail.com
Wed Feb 22 20:15:20 EST 2017
Hi,
I created a tool to generate a report on Python vulnerabilities:
http://python-security.readthedocs.io/vulnerabilities.html
I collected data of 41 vulnerabilities since 2007 (first Python CVE:
CVE-2007-4965).
If you would like to add data of a new vulnerability, enhance the
report, ... : see the GitHub project.
https://github.com/haypo/python-security
The main data file is vulnerabilities.yml (YAML). I also filled
manually the python_releases.txt: file: list of all release dates from
Python 2.5.0 to Python 3.6.0.
The tool compute the first Python release in each branch which
includes the fix from a list of commits.
The tool should help to track if vulnerabilities are fixed in all
supported Python versions (branches accepting security fixes).
I also started to collect some notes about Python security in general,
evolution of th ssl module, etc. in the same documentation.
Victor
More information about the Python-Dev
mailing list