>> Is threre any chance to fix this bug before releasing 2.5.2? >> http://bugs.python.org/issue1736 >> It contains potential buffer overrun, I think this is somewhat important. >> If multibyte support (CharNext) is not needed, I 'll rewrite the patch >> gracefully. > > I'll leave that to MvL to decide; given that AFAIK msilib is only used > to build the Python installer I'm not sure it's worth defending > against malicious code -- it would be easier to simply remove it from > an installation if you have reason to believe you might be executing > malicious Python code. >
I'll look into it. msilib is used in distutils (for bdist_msi), so it should get fixed. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
