On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote: > Hi, > > a colleague pointed me to the release notes of python 2.6.8, where the > following security issues are listed being fixed: > > * oCERT-2011-003, CVE-2012-1150, hash collision denial of service) > * CVE-2012-0876, pyexpat hash randomization > * CVE-2012-0845, SimpleXMLRPCServer denial of service > * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl > module > > The python 2.6.8+squeeze release that I have on my squeeze systems > don't mention any CVE numbers. Does this means that those issues have > not been addressed (yet) in Debian? Is the security team working on > backporting those fixes? > > Greetings > Marc
You can see status of security vulnerabilities in Debian security tracker, which includes bug-numbers and so on. For example http://security-tracker.debian.org/tracker/CVE-2012-1150 - Henri Salo -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
