Hello!
Does someone systematically track the CVE vulnerability list?
Ideally, Python security officers would have close collaboration with
whoever manages CVE (like distribution security officers do), so that
* every CVE issue would have a corresponding ticket on the Python bug
  tracker (perhaps the process can be automated to some degree?)
* that ticket would be referred to in the CVE vulnerability page's
  "References" section (see e.g.
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 ,
  that does not have a corresponding Python bug tracker link)
* all CVE issues would be listed in http://www.python.org/news/security/
  with corresponding information about when the fix has been or will be
  committed and which upcoming or past release incorporates it.
Some relevant links:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python
http://secunia.com/advisories/product/14172/?task=advisories
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org