On Fri, 2008-15-08 at 11:52 -0500, David E. Sallis wrote:
> Guy Hulbert said the following on 8/15/2008 11:36 AM:
> > This is an old problem.
>
> > http://www.python.org/files/news/security/PSF-2006-001/PSF-2006-001.txt
>
> I must respectfully disagree. Did you read the bulletin I
> referenced?

Nope. I read the link you posted:

http://www.securityfocus.com/bid/30491

and I followed this:

http://www.securityfocus.com/bid/30491/solution

  Solution:
  The vendor has released fixes to address the issues. Please see the
  references for more information.

to:

http://www.securityfocus.com/bid/30491/references

and to:

http://www.python.org/

The only reference to a fix I could find was on the downloads page:

http://www.python.org/download/

  Note: there's a security fix for Python 2.2, 2.3 and 2.4. Of the
  releases below, only 2.4.4 and 2.5 and later include the fix.

> CVE-2008-2315, for one, was published in late July 2008. It
> states in part:

You did not reference this CVE although the link you posted does mention
it (with 4 other ones).

[snip]

> This is *not* an old problem.

You seem to be correct here. The python pages seem to know nothing
about this one. Google brings up:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315

However:

  This CVE Identifier has "Candidate" status and must be reviewed and
  accepted by the CVE Editorial Board before it can be updated to
  official "Entry" status on the CVE List. It may be modified or even
  rejected in the future.

pointing to:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2315

Which has 3 links to gentoo. The first one is more informative than
anything else I've found so far:

http://www.gentoo.org/security/en/glsa/glsa-200807-16.xml

> --

--gh
