Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-06-20 Thread Victor Stinner
confirmation of this from Christian > Heimes. I think that was a dark year for the PSRT. > > On Tue, Jun 20, 2017 at 3:35 PM, Victor Stinner <victor.stin...@gmail.com> > wrote: >> >> Hi, >> >> Re: "[Python-Dev] Python FTP Injections Allow for Firewall Bypa

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-06-20 Thread Guido van Rossum
i, > > Re: "[Python-Dev] Python FTP Injections Allow for Firewall Bypass > (oss-security advisory)" > > 2017-02-24 5:36 GMT+01:00 Steven D'Aprano <st...@pearwood.info>: > > I am not qualified to judge the merits of this, but it does seem > > worrying that (a

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-06-20 Thread Victor Stinner
Hi, Re: "[Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)" 2017-02-24 5:36 GMT+01:00 Steven D'Aprano <st...@pearwood.info>: > I am not qualified to judge the merits of this, but it does seem > worrying that (alledgedly) the Pytho

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-24 Thread Christian Heimes
On 2017-02-24 11:01, Antoine Pitrou wrote: > On Thu, 23 Feb 2017 23:51:45 -0800 > Benjamin Peterson wrote: >> >> Like all CPython developers, the Python security team are all >> volunteers. That combined with the fact that dealing with security >> issues is one of the least

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-24 Thread tritium-list
t: Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass > (oss-security advisory) > > On Thu, 23 Feb 2017 23:51:45 -0800 > Benjamin Peterson <benja...@python.org> wrote: > > > > Like all CPython developers, the Python security team are all > >

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-24 Thread Antoine Pitrou
On Thu, 23 Feb 2017 23:51:45 -0800 Benjamin Peterson wrote: > > Like all CPython developers, the Python security team are all > volunteers. That combined with the fact that dealing with security > issues is one of the least fun programming tasks means issues are > sometimes

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-24 Thread Martin Panter
On 24 February 2017 at 07:51, Benjamin Peterson wrote: > As for this, particular issue, we should determine if there's a tracker > issue yet and continue discussion there. That would be . ___

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-23 Thread Benjamin Peterson
On Thu, Feb 23, 2017, at 20:36, Steven D'Aprano wrote: > I haven't seen any response to the following alleged security > vulnerability. > > I am not qualified to judge the merits of this, but it does seem > worrying that (alledgedly) the Python security team hasn't responded for > over 12

Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-23 Thread Steven D'Aprano
I haven't seen any response to the following alleged security vulnerability. I am not qualified to judge the merits of this, but it does seem worrying that (alledgedly) the Python security team hasn't responded for over 12 months. Is anyone able to comment? Thanks, Steve On Mon, Feb 20,

[Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)

2017-02-20 Thread nospam
Hello, I have just noticed that an FTP injection advisory has been made public on the oss-security list. The author says that he an exploit exists but it won't be published until the code is patched You may be already aware, but it would be good to understand what is the position of the core