[Python-Dev] [python-committers] Winding down 3.4
Victor Stinner
vstinner at redhat.com
Mon Aug 20 08:52:28 EDT 2018
> "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits"
> https://bugs.python.org/issue17180
There is no fix. A fix may break the backward compatibility. Is it really
worth it for the last 3.4 release?
> "XML vulnerabilities in Python"
> https://bugs.python.org/issue17239
Bug inactive since 2015. I don't expect that anyone will step in next weeks
with a wonderful solution to all XML issues. I suggest to ignore this one
as well, this issue is as old as XML support in Python and I am not aware
of any victim of these issues.
Obviously, it would be "nice" to see a fix for these issues but it seems
like core devs are more interested to work on other topics and other
security issues.
> "fflush called on pointer to potentially closed file" (Windows only)
> https://bugs.python.org/issue19050
It seems like two core devs are opposed to fix this issue.
--
There are open security issues on the HTTP server and urllib. I am more
concerned by these issues, but it's hard to fix them, there is a risk of
introducing regressions.
Victor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180820/581125e3/attachment.html>
More information about the Python-Dev
mailing list