Hi, a colleague pointed me to the release notes of python 2.6.8, where the following security issues are listed being fixed:
* oCERT-2011-003, CVE-2012-1150, hash collision denial of service) * CVE-2012-0876, pyexpat hash randomization * CVE-2012-0845, SimpleXMLRPCServer denial of service * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module The python 2.6.8+squeeze release that I have on my squeeze systems don't mention any CVE numbers. Does this means that those issues have not been addressed (yet) in Debian? Is the security team working on backporting those fixes? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
