On Mon, Nov 24, 2008 at 10:43, Mart Somermaa <[EMAIL PROTECTED]> wrote:
>> When I looked through that list a week or so ago, I noticed that some
>> issues were obviously related to the Python distribution itself, but others
>> appeared to be Python application problems.
>
> I looked through th
When I looked through that list a week or so ago, I noticed that some
issues were obviously related to the Python distribution itself, but
others appeared to be Python application problems.
I looked through the list now and weeded out irrelevant CVEs (by putting them
into the ignore list
Mart Somermaa wrote:
I created a script that parses the
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python
Python-related CVE list and classifies the CVEs as follows:
* "ok" -- CVE has references to bugs.python.org
* "warnings" -- CVE has references to Python SVN revisions
or an issue in
I created a script that parses the
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python
Python-related CVE list and classifies the CVEs as follows:
* "ok" -- CVE has references to bugs.python.org
* "warnings" -- CVE has references to Python SVN revisions
or an issue in bugs.python.org refers
Perl had a few CVEs because of its rmtree implementation. Removing
trees is risky business if root runs the function while other users
have access to manipulate the tree. Python's shutil.rmtree seems to
have many of the same issues.
For instance http://bugs.debian.org/286922 shows how to ge
Hello!
Does someone systematically track the CVE vulnerability list?
Ideally, Python security officers would have close collaboration with
whoever manages CVE (like distribution security officers do), so that
* every CVE issue would have a corresponding ticket on Python bug tracker
(perhaps