On Sat, Jul 15, 2023 at 1:02 PM Dieter Maurer <die...@handshake.de> wrote:
> I am active in the `Zope` community (a web application server
> based on Python). This community has a security mailing list
> for security related reports
> and issues public CVE (= "Commun Vulnerabilities and Exposures") reports
> (via a "GitHUB" service) as soon as a security risk has been resolved.
> I expect that security risks for Python itself are handled in
> a similar way (as, Python too, maintains its code on "GitHUB").

Yes the Python community does have a security mailing list, but as I
noted earlier, it appears to be moribund. And yes, the cpython GitHub
repository does have a security tab, but it reports "There aren’t any
published security advisories."

> ...
> For details about CVE, read
> "https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures";.

Thanks for the link, Dieter. I found the NIST search interface to be
buggy, and there doesn't seem to be a way to search the Mitre site
effectively to get vulnerabilities just for the Python language and
standard libraries. I've downloaded the entire corpus of JSON CVEs and
I'm digging into what would be involved in querying it myself.


Reply via email to