My thanks to Miro and (especially!) Victor for quickly putting together
those lovely PRs. I've now merged everything outstanding for 3.4 and
3.5 except this:
https://github.com/python/cpython/pull/10994
It's a backport of LibreSSL 2.7.0 support for 3.5. This is something I
believe Chri
I wrote fixes:
Le ven. 15 févr. 2019 à 12:28, Victor Stinner a écrit :
> https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html
3.5: https://github.com/python/cpython/pull/11867
3.4: https://github.com/python/cpython/pull/11868
> https://python-security.readthedocs.io/vuln/pickle-load
Hi,
Le ven. 15 févr. 2019 à 12:07, Miro Hrončok a écrit :
> I've checked Fedora CVE bugs against python 3.4 and 3.5. Here is one missing I
> found:
>
> CVE-2018-20406 https://bugs.python.org/issue34656
> memory exhaustion in Modules/_pickle.c:1393
> Marked as resolved, but I don't see it fixed on
On 15. 02. 19 3:29, Larry Hastings wrote:
If you have
anything you think needs to go into the next 3.5, or the final 3.4, and it's
/not/ listed above, please either file a GitHub PR, file a release-blocker bug
on bpo, or email me directly.
I've checked Fedora CVE bugs against python 3.4 and 3
Howdy howdy! It's time to make the next bugfix release of 3.5--and the
/final/ release /ever/ of Python 3.4. Here's the schedule I propose:
3.4.10rc1 and 3.5.7rc1 - Saturday March 2 2019
3.4.10 final and 3.5.7 final - Saturday March 16 2019
What's going in these releases? Not much.
