[Python-Dev] Report on Python vulnerabilities

Nick Coghlan ncoghlan at gmail.com
Fri Feb 24 05:06:04 EST 2017


On 23 February 2017 at 11:15, Victor Stinner <victor.stinner at gmail.com>
wrote:

> Hi,
>
> I created a tool to generate a report on Python vulnerabilities:
>
>    http://python-security.readthedocs.io/vulnerabilities.html
>
> I collected data of 41 vulnerabilities since 2007 (first Python CVE:
> CVE-2007-4965).
>

Very handy!


> If you would like to add data of a new vulnerability, enhance the
> report, ... : see the GitHub project.
>
>    https://github.com/haypo/python-security
>
> The main data file is vulnerabilities.yml (YAML). I also manually
> filled in the python_releases.txt file: a list of all release dates from
> Python 2.5.0 to Python 3.6.0.
>
> The tool computes the first Python release in each branch which
> includes the fix from a list of commits.
>

The main idea that comes to mind is finding a way to add a "Fixed In"
column to the summary table to get a quick overview of which versions were
affected.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
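
Added example, not part of the original message and not code from the python-security project: a sketch of how a "Fixed In" value per branch can be derived from fix-commit dates and a release-date list. The `version: date` line format, the function names and all dates are assumptions constructed for illustration; comparing by date is itself an assumed approach.

```python
from datetime import date

# Constructed sample in an assumed "version: YYYY-MM-DD" format.
# The dates are illustrative and are not the real release calendar.
RELEASES = """\
2.7.12: 2016-06-01
2.7.13: 2016-12-01
3.5.2: 2016-06-15
3.5.3: 2017-01-15
3.6.0: 2016-12-20
"""


def parse_releases(text):
    """Return {(major, minor): [(release_date, version_tuple), ...]} sorted by date."""
    branches = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        version, _, day = line.partition(":")
        vt = tuple(int(part) for part in version.strip().split("."))
        branches.setdefault(vt[:2], []).append((date.fromisoformat(day.strip()), vt))
    for releases in branches.values():
        releases.sort()
    return branches


def fixed_in(fix_commits, branches):
    """Map each branch to the first release made after its fix commit.

    fix_commits: {(major, minor): commit_date}, one fix commit per branch.
    A release dated the same day as the commit is not counted, because the
    order of tag and commit is unknown from dates alone. None means the fix
    has not shipped in any release of that branch yet.
    """
    result = {}
    for branch, committed in sorted(fix_commits.items()):
        first = next((v for d, v in branches.get(branch, []) if d > committed), None)
        result[".".join(map(str, branch))] = first and ".".join(map(str, first))
    return result


def fixed_in_cell(fix_commits, branches):
    """Render the per-branch result as one summary-table cell."""
    found = fixed_in(fix_commits, branches)
    return ", ".join(v or f"{b} (unreleased)" for b, v in found.items())
```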