[Security-sig] 3.3 and 3.4 branches not well maintained

Victor Stinner victor.stinner at gmail.com
Tue Feb 21 13:07:57 EST 2017


Hi,

I completed my list of vulnerabilities. It helps to track if a
vulnerability has been fixed in all security maintained branches.
http://python-security.readthedocs.io/vulnerabilities.html

Currently, the following branches are maintained for security: 2.7,
3.3, 3.4, 3.4, 3.5 and 3.6
https://docs.python.org/devguide/#status-of-python-branches

I looked at the 5 latest vulnerabilities, and we didn't backport fixes
to all maintained branches:

Issue #28563:
  3.3 backported, no release yet
CVE-2016-2183:
  3.3 and 3.4 not fixed yet <====
  https://bugs.python.org/issue27850#msg275073
CVE-2016-1000110:
  3.3 backported, no release yet
CVE-2016-0772:
  3.3 needs backport <====
Issue #26657:
  3.3 and 3.4 need backport <====

Maybe a 3.3 release may be needed as well.

Victor

