-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jan 21, 2003 at 07:47:11AM +0100, Martin Schulze wrote:
I suggest to disable the above two modules in python2.2 (which is in
woody), even if existing applications can break. What do you think?
I'd rather know about the vulnerability
Martin Schulze wrote:
I'd rather know about the vulnerability (and maybe doko is able to
implement a fix) than to blindly castrate software. Theo d.R. already
taught us that blindly releasing updates are not good.
Here's some relevant links for the bugs:
Deleting __builtins__:
Martin Schulze wrote:
Ouch. It's very sad that upstream says that they don't have the resources
to fix security bugs in a widely used software.
AFAIK, rexec and Bastion are not widely used.
Neil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I just read this Post from Guido van Rossum[1] that the rexec.py and
Bastian.py modules have severe security flaws. These modules will be
disabled in the next 2.2 and 2.3 releases to avoid security risks.
[1]
Bastian Kleineidam writes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I just read this Post from Guido van Rossum[1] that the rexec.py and
Bastian.py modules have severe security flaws. These modules will be
disabled in the next 2.2 and 2.3 releases to avoid security risks.
[1]
5 matches
Mail list logo