Does python.org serve any Python binaries that are statically linked with a vulnerable glibc? That seems to be the question. If not, it's up to the downstream distributions.
On Wed, Feb 17, 2016 at 12:09 PM, Andrew Barnert via Python-Dev <python-dev@python.org> wrote: > On Feb 17, 2016, at 10:44, MRAB <pyt...@mrabarnett.plus.com> wrote: >> >> Is this something that we need to worry about? >> >> Extremely severe bug leaves dizzying number of software and devices >> vulnerable >> http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/ > > Is there a workaround that Python and/or Python apps should be doing, or is > this just a matter of everyone on glibc 2.9+ needs to update their glibc? > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/guido%40python.org -- --Guido van Rossum (python.org/~guido) _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
