Re: [Security-sig] Archives (.tar or .zip) with absolute paths

2017-03-09 Thread Wes Turner
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') https://cwe.mitre.org/top25/#CWE-22 http://cwe.mitre.org/data/definitions/22.html - [ ] BUG,SEC: -P/--absolute-names *13* *CWE-22 : Improper Limitation of a

Re: [Security-sig] HTML page of Python security vulnerabilities

2017-02-18 Thread Wes Turner
2008-Present http://www.cvedetails.com/product/18230/Python-Python.html?vendor_id=10210 There's a download link, but AFAICT not an API On Friday, February 17, 2017, Victor Stinner wrote: > Hi, > > I wrote a tool to generate an HTML report on Python security >

Re: [Security-sig] Unified TLS API for Python: Draft 3

2017-02-10 Thread Wes Turner
On Fri, Feb 10, 2017 at 11:22 AM, Cory Benfield <c...@lukasa.co.uk> wrote: > > On 10 Feb 2017, at 17:20, Wes Turner <wes.tur...@gmail.com> wrote: > > I learned about oscrypto: > > - oscrypto: "TLS (SSL) sockets, key generation, encryption, decryption, > signi

Re: [Security-sig] Unified TLS API for Python: Draft 3

2017-02-10 Thread Wes Turner
On Fri, Jan 27, 2017 at 9:30 AM, Wes Turner <wes.tur...@gmail.com> wrote: > > > On Fri, Jan 27, 2017 at 3:10 AM, Cory Benfield <c...@lukasa.co.uk> wrote: > >> >> On 26 Jan 2017, at 21:17, Donald Stufft <don...@stufft.io> wrote: >> >

Re: [Security-sig] Unified TLS API for Python: Draft 3

2017-01-27 Thread Wes Turner
On Fri, Jan 27, 2017 at 3:10 AM, Cory Benfield wrote: > > On 26 Jan 2017, at 21:17, Donald Stufft wrote: > > > On Jan 26, 2017, at 4:18 AM, Cory Benfield wrote: > > For this reason I’m inclined to lean towards the more verbose approach of

Re: [Security-sig] Unified TLS API for Python

2017-01-12 Thread Wes Turner
On Thursday, January 12, 2017, Christian Heimes <christ...@cheimes.de> wrote: > On 2017-01-12 18:07, Wes Turner wrote: > > > > > > On Thursday, January 12, 2017, Cory Benfield <c...@lukasa.co.uk > <javascript:;> > > <mailto:c...@lukasa.co.uk <jav

Re: [Security-sig] Unified TLS API for Python

2017-01-12 Thread Wes Turner
On Thursday, January 12, 2017, Cory Benfield <c...@lukasa.co.uk> wrote: > > On 11 Jan 2017, at 21:44, Wes Turner <wes.tur...@gmail.com> wrote: > > This may be a bit of a different use case (and possibly wo