I think you are referring to this fix which went into the code on July the 22nd: http://svn.python.org/view?rev=65182&view=rev
This has been backported to 2.5, 3.0 and perhaps 2.4

K

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:stackless-[EMAIL PROTECTED] On Behalf Of David E. Sallis
> Sent: Friday, August 15, 2008 21:03
> To: [email protected]
> Subject: Re: [Stackless] Stackless to address multiple buffer overflow
> vulnerability?
>
> Guy Hulbert said the following on 8/15/2008 3:11 PM:
> > If you want the "Not Vulnerable" versions, I think you'd need to
> > build Stackless from the gentoo sources.
>
> That would be great if I were a Gentoo user, but I'm not. And I build
> Stackless from source anyway. Right now Stackless Python
> source code from stackless.com is unpatched, including Stackless 2.5.2.
>
> > You did not reference this CVE although the link you posted does
> > mention it (with 4 other ones).
>
> I apologize for not including each specific link to the CVEs
> encompassed by the SecurityFocus bulletin, because I assumed that a
> reader of my OP would be able to look them up to see WTF. I certainly
> learned MY lesson.
>
> > The only reference to a fix I could find was on the downloads page:
> > http://www.python.org/download/
> > Note: there's a security fix for Python 2.2, 2.3 and 2.4. Of the
> > releases below, only 2.4.4 and 2.5 and later include the fix.
>
> Right. A two-year-old security release. So you read this and brushed
> me off with "This is an old problem."
>
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
>
> If you read the Mitre link carefully, you will notice in the
> 'References' section that several Linux vendors have patched or have
> begun patching their package-managed Python implementations, to include
> Gentoo, Ubuntu, Mandriva and others. Great for them, but
> I'm a RedHat user, and, again, I build all of my Python interpreters
> from source.
>
> Can anyone else chime in? For some reason I have developed a headache
> of inordinate size and scope.
>
> --
> David E. Sallis, Software Architect
> General Dynamics Information Technology
> NOAA Coastal Data Development Center
> Stennis Space Center, Mississippi
> 228.688.3805
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> --------------------------------------------
> "Better Living Through Software Engineering"
> --------------------------------------------
>
> _______________________________________________
> Stackless mailing list
> [email protected]
> http://www.stackless.com/mailman/listinfo/stackless
