Hi All,
We are facing some issue with the zlib package 1.2.11. Recently there was a
vulnerability in zlib and we had to upgrade to 1.2.12 on all supported platforms
We did that in all platforms including windows, python39.dll is now showing
1.2.12 but the problem is we use pyinstaller to generat
Hi All,
we are using the python 3.9.5 version in our application.
In 3.9.5 it is using libexpat 2.2.8 version, as part of the Black duck scan, it
is showing critical vulnerabilities in libexpat 2.2.8.
(CVE-2022-22824
CVE-2022-23990
CVE-2022-23852
CVE-2022-25236
CVE-2022-22823)
when there are a
Hi,
In the 3.10 branch, it became really hard to merge PRs because the
following ssl crashes on Windows:
https://bugs.python.org/issue44252
It has a failure rate 1/2 (on average) on the "Windows x86" and
"Windows x64" jobs of GitHub Action and on the Win32 and Win64 jobs of
the Azure Pipelines. I
Hi,
The Python bug tracker currently has 78 open issues of the type
Security. If you are looking for something to do to help the Python
project, please go through the list (search for open issues with
Type=security at bugs.python.org), discuss the different solutions how
to address these vulnerabi
hi my name is hadi
i'm from iran (the country which filtering others and be filtered by
others)
i have started programming with python about 3 months and i'm very
interested in learning programming and python language but due to
limitations of technologies and filtering the learning sources in my
I have a large PR (https://github.com/python/cpython/pull/18239, for PEP
585) that's failing in the Azures pipeline on Win32 and Win64 only. My
trusty assistant who has a Windows laptop couldn't reproduce the failure.
Can I buy a hint from someone? Steve?
The relevant failure output is:
=
Hi,
Right now, there are 14 open issues with "test_asyncio" in the title.
Many test_asyncio tests have race conditions. I'm trying to fix them
one by one, but it takes time, and then new tests are added with new
race condition :-( For example, the following new test is failing
randomly on Windows:
On Wed, Apr 10, 2019 at 11:00 AM Ivan Pozdeev via Python-Dev <
python-dev@python.org> wrote:
>
> On 10.04.2019 7:30, Karthikeyan wrote:
>
> Thanks Gregory. I think it's a good tradeoff to ensure this validation
> only for URLs of http scheme.
>
> I also agree handling newline is little problematic
On 10.04.2019 7:30, Karthikeyan wrote:
Thanks Gregory. I think it's a good tradeoff to ensure this validation only for
URLs of http scheme.
I also agree handling newline is little problematic over the years and the discussion over the level at which validation should occur also
prolongs some
> 1. Is there a library of URL / Header injection tests e.g. for fuzzing
> that we could generate additional test cases with or from?
https://github.com/swisskyrepo/PayloadsAllTheThings seems to contain
payload related stuff but not sure how useful it is for URL parsing.
>
> 2. Are requests.get(
Hi,
I dig into Python code history and the bug tracker. I would like to
say that this issue is a work-in-progress since 2004. Different fixes
have been pushed, but there are *A LOT* of open issues:
https://bugs.python.org/issue30458#msg339846
I would suggest to discuss on https://bugs.python.org/
1. Is there a library of URL / Header injection tests e.g. for fuzzing that
we could generate additional test cases with or from?
2. Are requests.get() and requests.post() also vulnerable?
3. Despite the much-heralded UNIX pipe protocols' utility, filenames
containing newlines (the de-facto line
Thanks Gregory. I think it's a good tradeoff to ensure this validation only
for URLs of http scheme.
I also agree handling newline is little problematic over the years and the
discussion over the level at which validation should occur also prolongs
some of the patches. https://bugs.python.org/issu
On Tue, Apr 9, 2019 at 4:45 PM Karthikeyan wrote:
> I would recommend fixing it since it's potentially remote code execution
> on systems like Redis (latest versions of Redis have this mitigated) though
> I must admit I don't fully understand the complexity since there are
> multiple issues linke
I would recommend fixing it since it's potentially remote code execution on
systems like Redis (latest versions of Redis have this mitigated) though I
must admit I don't fully understand the complexity since there are multiple
issues linked. Go was also assigned a CVE for linked issue and it seemed
Hi,
In May 2017, user "Orange" found a vulnerability in the urllib fix for
CVE-2016-5699 (HTTP Header Injection vulnerability):
https://bugs.python.org/issue30458
It allows to inject arbitrary HTTP headers.
Copy of their message:
"""
Hi, the patch in CVE-2016-5699 can be broke by an addition s
I consider that it is a security vulnerability and so should be fixed in
all supported branches including 3.3 and 3.4.
If someone is blocked for a legit usecase, an old Python version can be
used until we decide how to handle it.
I concur with you, I don't think that anyone uses filenames contai
On Sat, Jul 22, 2017 at 7:10 PM, Giampaolo Rodola'
wrote:
>
>
> On Sat, Jul 22, 2017 at 6:38 PM, Victor Stinner
> wrote:
>
>> On 22 Jul 2017 8:04 AM, "Serhiy Storchaka"
>> wrote:
>>
>> I think the only reliable way of fixing the vulnerability is rejecting or
>> escaping (as specified in RF
On Sat, Jul 22, 2017 at 6:38 PM, Victor Stinner
wrote:
> On 22 Jul 2017 8:04 AM, "Serhiy Storchaka"
> wrote:
>
> I think the only reliable way of fixing the vulnerability is rejecting or
> escaping (as specified in RFC 2640) CR and LF inside sent lines. Adding the
> support of RFC 2640 is a
On 22 Jul 2017 8:04 AM, "Serhiy Storchaka" wrote:
I think the only reliable way of fixing the vulnerability is rejecting or
escaping (as specified in RFC 2640) CR and LF inside sent lines. Adding the
support of RFC 2640 is a new feature and can be added only in 3.7. And this
feature should b
21.07.17 13:02, Victor Stinner wrote:
Recently, two security vulnerabilities were reported in the urllib module:
https://bugs.python.org/issue30500
http://python-security.readthedocs.io/vuln/bpo-30500_urllib_connects_to_a_wrong_host.html#bpo-30500-urllib-connects-to-a-wrong-host
=> already fixed
> On Jul 21, 2017, at 3:45 AM, Victor Stinner wrote:
>
> Ok, a more concrete problem. To fix the "urllib FTP" bug, we have to
> find a balance between security (reject any URL looking like an
> attempt to counter the security protections) and backward
> compatibility (accept filenames containing
On Fri, Jul 21, 2017, at 08:43, Giampaolo Rodola' wrote:
> It took me a while to understand the security implications of this
> FTP-related bug, but I believe I got the gist of it here (I can
> elaborate further if it's not clear):
> https://github.com/python/cpython/pull/1214#issuecomment-29839316
On Fri, Jul 21, 2017 at 12:45 PM, Victor Stinner
wrote:
> 2017-07-21 12:02 GMT+02:00 Victor Stinner :
> > https://bugs.python.org/issue29606
> > http://python-security.readthedocs.io/vuln/urllib_
> ftp_protocol_stream_injection.html#urllib-ftp-protocol-stream-injection
> > => not fixed yet
>
> Ok
2017-07-21 12:02 GMT+02:00 Victor Stinner :
> https://bugs.python.org/issue29606
> http://python-security.readthedocs.io/vuln/urllib_ftp_protocol_stream_injection.html#urllib-ftp-protocol-stream-injection
> => not fixed yet
Ok, a more concrete problem. To fix the "urllib FTP" bug, we have to
find
Hi,
Recently, two security vulnerabilities were reported in the urllib module:
https://bugs.python.org/issue30500
http://python-security.readthedocs.io/vuln/bpo-30500_urllib_connects_to_a_wrong_host.html#bpo-30500-urllib-connects-to-a-wrong-host
=> already fixed in Python 3.6.2
https://bugs.pyth
Hi,
Sometimes, for an unknown reason, test_nntplib fails randomly:
http://bugs.python.org/issue19613
Martin Panter wrote a patch, but since I don't know how to reproduce
the bug, I'm unable to test it. Moreover, I don't know nntplib nor
test_nntplib, so I don't feel able to review it.
Sadly,
Yes
Thanks and Regards,
Amresh
From: Burkhard Meier
Date: Saturday, September 3, 2016 at 12:12 AM
To: Amresh Sajjanshetty
Cc: "python-dev@python.org"
Subject: Re: [Python-Dev] Need help in debugging the python core
You are using bash?
On Sep 2, 2016 8:56 AM, "Sajja
You are using bash?
On Sep 2, 2016 8:56 AM, "Sajjanshetty, Amresh" <
amresh.sajjanshe...@netapp.com> wrote:
> Dear All,
>
>
>
> I’m using asyncio and paramiko to multiplex different channels into a
> single SSH connection. Things were working fine till recently but suddenly
> started seeing that p
n-dev@python.org"
Subject: Re: [Python-Dev] Need help in debugging the python core
How could I help?
Burkhard
On Fri, Sep 2, 2016 at 10:47 AM, Victor Stinner
wrote:
Oh, I forgot to mention that it would help to get the Python traceback
on the crash. Try f
How could I help?
Burkhard
On Fri, Sep 2, 2016 at 10:47 AM, Victor Stinner
wrote:
> Oh, I forgot to mention that it would help to get the Python traceback
> on the crash. Try faulthandler: add faulthandler.enable() at the
> beginning of your program.
> https://docs.python.org/dev/library/faulth
Oh, I forgot to mention that it would help to get the Python traceback
on the crash. Try faulthandler: add faulthandler.enable() at the
beginning of your program.
https://docs.python.org/dev/library/faulthandler.html
Maybe I should write once tools to debug such bug :-)
Victor
___
2016-09-02 8:49 GMT+02:00 Sajjanshetty, Amresh :
> I’m using asyncio and paramiko to multiplex different channels into a single
> SSH connection.
Hum, asyncio found bugs in CPython. Please try with a more recent
version of CPython than 3.4.3 :-/
> Program terminated with signal 11, Segmentation f
Dear All,
I’m using asyncio and paramiko to multiplex different channels into a single
SSH connection. Things were working fine till recently but suddenly started
seeing that python getting crashed whenever I tried to write to the channel. I
have very limited knowledge on how python interpreter
Well, the stack trace was pointing to the line that called Tesseract, so I
figured that was the problem.
--
Ryan
[ERROR]: Your autotools build scripts are 200 lines longer than your
program. Something’s wrong.
http://kirbyfan64.github.io/
On May 5, 2016 11:24 AM, "MRAB" wrote:
>
> It looks to me
On Thu, May 05, 2016 at 05:23:02PM +0100, MRAB wrote:
> On 2016-05-05 16:26, Ryan Gonzalez wrote:
> >On Thu, May 5, 2016 at 3:24 AM, Deepak Srivastava
[ ... about three or four pages of quoting ... ]
> >Questions like this are better suited for python-list. [...]
> It looks to me that it's the u
On 2016-05-05 16:26, Ryan Gonzalez wrote:
On Thu, May 5, 2016 at 3:24 AM, Deepak Srivastava
wrote:
Dear All,
I am new to python and very much excited to learn this technology.
I have done setup of python 3.5.1 with PyCharm community edition
On Thu, May 5, 2016 at 3:24 AM, Deepak Srivastava
wrote:
>
> Dear All,
>
> I am new to python and very much excited to learn this technology.
>
> I have done setup of python 3.5.1 with PyCharm community edition on
> windows 7(64bit service pack 1).
>
> I am trying to execute some piece of code bu
> Dear All,
> I am new to python and very much excited to learn this technology.
> I have done setup of python 3.5.1 with PyCharm community edition on windows
> 7(64bit service pack 1).
> I am trying to execute some piece of code but it fails . Requesting you to
> please help.
>
> My Piece of
Link to the thread on python-tulip:
https://groups.google.com/forum/#!topic/python-tulip/2snxuJY_Lx0
Victor
2014-01-29 Guido van Rossum :
> If you're interested, please see us on the python-tulip mailing list at
> Google Groups.
>
> --
> --Guido van Rossum (python.org/~guido)
>
>
If you're interested, please see us on the python-tulip mailing list at
Google Groups.
--
--Guido van Rossum (python.org/~guido)
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://
On Mon, Feb 6, 2012 at 11:32, Benjamin Peterson wrote:
> 2012/2/6 Brett Cannon :
> > Thanks for any help people can provide me on this now 5 year quest to get
> > this work finished.
>
> Fixed. (_PyExc_Init was behaving badly.)
That did it! Thanks, Benjamin! Doing one more -uall test run before
2012/2/6 Brett Cannon :
> Thanks for any help people can provide me on this now 5 year quest to get
> this work finished.
Fixed. (_PyExc_Init was behaving badly.)
--
Regards,
Benjamin
Usually this means that you're not doing an INCREF in a place where you
should, and the object is kept alive by something else. Do you know which
object it is? That might really help... Possibly deleting the last
subinterpreter makes the refcount of that object go to zero. Of course it
could also b
So my grand quest for bootstrapping importlib into CPython is damn close to
coming to fruition; I have one nasty bug blocking my way and I can't figure
out what could be causing it. I'm hoping someone here will either know the
solution off the top of their head or will have the time to have a quick
Hello,
Antony Joseph wrote:
> Hi,
>
> My Code:
> mapi.MAPIInitialize(None)
> session = mapi.MAPILogonEx(0, MAPIProfile, None,
> mapi.MAPI_EXTENDED | mapi.MAPI_USE_DEFAULT)
>
> I am trying to send a mail using the extended MAPI interface, I am
> new to work with MA
Hi,
My Code:
mapi.MAPIInitialize(None)
session = mapi.MAPILogonEx(0, MAPIProfile, None,
mapi.MAPI_EXTENDED | mapi.MAPI_USE_DEFAULT)
I am trying to send a mail using the extended MAPI interface, I am
new to work with MAPI.
I am trying to execute your code, I am getting
Hello,
I am a Google Summer of Code student who is preparing a SWIG's Python 3.0
support proposal. Here's detail of my proposal:
http://www.dabeaz.com/cgi-bin/wiki.pl?GSoCPython3Proposal
And the abstract is shown below for convenience:
This project adds Python 3.0 support for SWIG. We will add a "-3" opt
Thanks to all who helped fixing tests in the str/unicode branch! We're
down to about 35 failing tests. I still need help -- especially since
we're now getting into territory that I don't know all that well, for
example the email package or XML support.
The list of unit tests that need help is stil
Michael Foord wrote:
> Guido van Rossum wrote:
>> On 7/11/07, Thomas Heller <[EMAIL PROTECTED]> wrote:
>>
>>> Christian Heimes wrote:
>>>
By the way the ctypes unit tests are causing a segfault on my machine:
test_ctypes
Warning: could not import ctypes.test.test_numbers: u
On 7/11/07, Chris McDonough <[EMAIL PROTECTED]> wrote:
> I have a very remedial question about how to fix test failures due to
> the side effects of string-unicode integration.
>
> The xmlrpc library uses explicit encoding to encode XML tag payloads
> to (almost always) utf8. Tag literals are not
I have a very remedial question about how to fix test failures due to
the side effects of string-unicode integration.
The xmlrpc library uses explicit encoding to encode XML tag payloads
to (almost always) utf8. Tag literals are not encoded.
What would be the best way to mimic this behavior
Guido van Rossum wrote:
> On 7/11/07, Thomas Heller <[EMAIL PROTECTED]> wrote:
>
>> Christian Heimes wrote:
>>
>>> By the way the ctypes unit tests are causing a segfault on my machine:
>>> test_ctypes
>>> Warning: could not import ctypes.test.test_numbers: unpack requires a
>>> string ar
On 7/11/07, Thomas Heller <[EMAIL PROTECTED]> wrote:
> Christian Heimes wrote:
> >
> > By the way the ctypes unit tests are causing a segfault on my machine:
> > test_ctypes
> > Warning: could not import ctypes.test.test_numbers: unpack requires a
> > string argument of length 1
> > Segmentation
Christian Heimes wrote:
>
> By the way the ctypes unit tests are causing a segfault on my machine:
> test_ctypes
> Warning: could not import ctypes.test.test_numbers: unpack requires a
> string argument of length 1
> Segmentation fault
>
> Ubuntu 7.04 on i386 machine with an Intel P3.
I can r
Steven Bethard wrote:
> I'd probably go with something a little more restrictive, maybe:
>
> r'self.assert_\(\S+ == \S+\)'
>
> Something like that ought to have fewer false positives.
Woops! You are right. Even your pattern has caused some false positives
but I've reread the patch and remove
On 7/10/07, Christian Heimes <[EMAIL PROTECTED]> wrote:
> Guido van Rossum wrote:
> > Please help!
>
> I've made a meta patch that makes debugging the bugs a lot easier. It
> replaces assert_(foo == bar) and failUnless(foo == bar) with
> failUnlessEqual(foo, bar). failUnlessEqual shows the value of
Guido van Rossum wrote:
> Please help!
I've made a meta patch that makes debugging the bugs a lot easier. It
replaces assert_(foo == bar) and failUnless(foo == bar) with
failUnlessEqual(foo, bar). failUnlessEqual shows the value of foo and
bar when they are not equal.
http://www.python.org/sf/175
One of the most daunting tasks remaining for Python 3.0a1 (to be
released by the end of August) is fixing the remaining failing unit
tests in the py3k-struni branch
(http://svn.python.org/view/python/branches/py3k-struni/).
This is the branch where I have started the work on the
string/unification
Jeremy Kloth wrote:
> GCC's symbol visibility is supposed to address this exact problem. It would
> be nice if -fvisibility=hidden was used to build Python (and its extensions)
> by default on supported platforms/compilers. It shouldn't be much of an
> issue wrt. exported symbols as they alr
Gerhard Häring wrote:
> Apparently at least gcc on Linux exports all symbols by default that are
> not static.
Correct. Various factors influence run-time symbol binding, though.
> This creates problems with Python extensions that export
> symbols that are also used in other contexts. For examp
On Saturday, September 23, 2006 11:31 am, Gerhard Häring wrote:
> Looks like I don't know C so well after all ...
>
> Apparently at least gcc on Linux exports all symbols by default that are
> not static. This creates problems with Python extensions that export
> symbols that are also used in other
Looks like I don't know C so well after all ...
Apparently at least gcc on Linux exports all symbols by default that are
not static. This creates problems with Python extensions that export
symbols that are also used in other contexts. For example som
On 8/24/06, Guido van Rossum <[EMAIL PROTECTED]> wrote:
> Should I attempt to reproduce this bug in 2.5 and fix it?
Couldn't help myself. The fix is python.org/sf/1546288 . I set the
priority to 8 which means Neal and Anthony will look at it. It's
probably okay to reduce the priority to 7 and fix
On 8/24/06, Tim Peters <[EMAIL PROTECTED]> wrote:
> [Guido]
> > There's a unit test "test_mutants" which I don't understand. If anyone
> > remembers what it's doing, please contact me -- after ripping out
> > dictionary ordering in Py3k,
>
> Is any form of dictionary comparison still supported, and
On 8/24/06, Guido van Rossum <[EMAIL PROTECTED]> wrote:
> I made that change, and changed class Horrid to define __eq__ instead
> of __cmp__. Since dict_equal() only invokes PyObject_RichCompareBool()
> with op==Py_EQ that should be all that's needed.
>
> Now when I run it, it spits out an apparent
[Guido]
> There's a unit test "test_mutants" which I don't understand. If anyone
> remembers what it's doing, please contact me -- after ripping out
> dictionary ordering in Py3k,
Is any form of dictionary comparison still supported, and, if so, what
does "dict1 cmp_op dict2" mean now?
> it stops
There's a unit test "test_mutants" which I don't understand. If anyone
remembers what it's doing, please contact me -- after ripping out
dictionary ordering in Py3k, it stops working. In particular, the code
in test_one() requires changes, but I don't know how... Please help!
--
--Guido van Rossu
68 matches