security-sig  

Messages by Date

• 2025/06/17 [Security-announce][CVE-2025-6069] HTMLParser quadratic complexity when processing malformed inputs Seth Larson
• 2025/06/05 [Security-announce]Re: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Seth Larson
• 2025/06/03 [Security-announce]Re: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Seth Larson
• 2025/06/03 [Security-announce]Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Seth Larson
• 2025/05/15 [Security-announce][CVE-2025-4516] Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Seth Larson
• 2025/02/28 [Security-announce][CVE-2025-1795] Mishandling of comma during folding and unicode-encoding of email headers Seth Larson
• 2025/02/14 [Security-announce][CVE-2024-3220] Default mimetype known files writeable on Windows Seth Larson
• 2025/01/31 [Security-announce][CVE-2025-0938] URL parser allowed square brackets in domain names Seth Larson
• 2024/12/06 [Security-announce][CVE-2024-12254] Unbounded memory buffering in SelectorSocketTransport.writelines() Seth Larson
• 2024/11/12 [Security-announce][CVE-2024-11168] Improper validation of IPv6 and IPvFuture addresses Seth Larson
• 2024/10/22 [Security-announce][CVE-2024-9287] Virtual environment (venv) activation scripts don't quote paths Seth Larson
• 2024/09/04 [Security-sig] Antw: [Security-announce][CVE-2024-6232] Regular-expression DoS when parsing TarFile headers (Abwesenheit) Daniel Lohmann
• 2024/09/03 [Security-announce][CVE-2024-6232] Regular-expression DoS when parsing TarFile headers Seth Larson
• 2024/08/26 [Security-announce]Re: [CVE-2024-8088] Infinite loop when iterating over zip archive entry names Seth Larson
• 2024/08/22 [Security-announce][CVE-2024-8088] Infinite loop when iterating over zip archive entry names Seth Larson
• 2024/08/19 [Security-announce][CVE-2024-7592] Quadratic complexity parsing cookies with backslashes Seth Larson
• 2024/08/01 [Security-announce][CVE-2024-6923] Email header injection due to unquoted newlines Seth Larson
• 2024/07/29 [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection Seth Larson
• 2024/06/27 [Security-announce][CVE-2024-5642] Buffer over-read in SSLContext.set_npn_protocols() for Python 3.9 and earlier Seth Larson
• 2024/06/17 [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges Seth Larson
• 2024/06/17 [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods Seth Larson
• 2024/05/09 [Security-announce]Re: [CVE-2024-4030] tempfile.mkdtemp() may be readable and writeable by all users on Windows Steve Dower
• 2024/04/06 [Security-sig] Re: [Security-announce][CVE-2024-0450] Quoted zip-bomb protection for zipfile Michał Górny
• 2024/04/06 [Security-sig] Re: [Security-announce][CVE-2023-6597] tempfile.TemporaryDirectory dereferences symlinks during cleanup Michał Górny
• 2024/03/19 [Security-announce][CVE-2023-6597] tempfile.TemporaryDirectory dereferences symlinks during cleanup Ee Durbin
• 2024/03/19 [Security-announce][CVE-2024-0450] Quoted zip-bomb protection for zipfile Ee Durbin
• 2022/08/25 [Security-sig] Re: [CVE-2015-20107] Shell injection in mailcap module anglenajolly1
• 2022/06/01 [Security-sig] Re: [Security-announce]Incident Report: Malicious takeover of ctx project on PyPI Sumana Harihareswara
• 2022/05/30 [Security-sig] Re: [Security-announce]Incident Report: Malicious takeover of ctx project on PyPI Brett Cannon
• 2022/05/27 [Security-sig] Re: [Security-announce]Incident Report: Malicious takeover of ctx project on PyPI Skip Montanaro
• 2022/04/13 [Security-sig] [CVE-2015-20107] Shell injection in mailcap module Steve Dower
• 2022/03/07 [Security-sig] [CVE-2022-26488] Escalation of privilege via Windows installer Steve Dower
• 2021/09/07 [Security-sig] Re: Answers to your Questions about PrestaShop Ethan Furman
• 2021/09/06 [Security-sig] Re: Answers to your Questions about PrestaShop Cristina Muñoz via Security-SIG
• 2021/09/06 [Security-sig] Re: Answers to your Questions about PrestaShop Joy Jerra
• 2021/07/09 [Security-sig] Answers to your Questions about PrestaShop Dhriti Jones
• 2021/07/09 [Security-sig] Re: PEP 551: Security transparency in the Python runtime Dhriti Jones
• 2021/07/09 [Security-sig] Re: 374252 Python Invalid Search Path Vulnerability maryseaubin3690
• 2021/07/02 [Security-sig] Get Best Tips And Tricks To Solve Life Issues Sandra Parson via Security-SIG
• 2021/06/17 [Security-sig] Re: 374252 Python Invalid Search Path Vulnerability Victor Stinner
• 2021/06/16 [Security-sig] Re: 374252 Python Invalid Search Path Vulnerability Victor Stinner
• 2021/06/16 [Security-sig] 374252 Python Invalid Search Path Vulnerability Prashanth Reddy
• 2021/02/21 [Security-sig] Which CVSS Severity and Metrics version should be used? 2 or 3? Victor Stinner
• 2020/07/06 [Security-sig] Re: PSRT's page link is broken on the description Barry Warsaw
• 2020/07/06 [Security-sig] Re: PSRT's page link is broken on the description Steve Dower
• 2020/07/06 [Security-sig] PSRT's page link is broken on the description Felipe Rodrigues
• 2020/02/12 [Security-sig] Re: PEP 458: Secure transport independent download integrity for PyPI packages Sumana Harihareswara
• 2020/01/29 [Security-sig] Re: [PSRT] [Security-announce]CVE-2020-8315: Windows 7 DLL hijack Victor Stinner
• 2020/01/29 [Security-sig] Re: [Security-announce]CVE-2020-8315: Windows 7 DLL hijack Marlon Luis Petry
• 2019/12/20 [Security-sig] PEP 458: Secure transport independent download integrity for PyPI packages Sumana Harihareswara
• 2019/05/15 [Security-sig] Table of Python Vulnerabilities updated Victor Stinner
• 2019/02/21 [Security-sig] Move https://python-security.readthedocs.io/ to python.org? Victor Stinner
• 2019/02/20 [Security-sig] Script for testing Python vulnerabilities Victor Stinner
• 2019/01/21 [Security-sig] python-security.readthedocs.io updated Victor Stinner
• 2019/01/07 [Security-sig] Subscriptions to Security-announce Victor Stinner
• 2018/03/07 [Security-sig] CVE-2018-1000117: Buffer overflow vulnerability in os.symlink on Windows Steve Dower
• 2018/03/07 [Security-sig] Re: CVE-2018-1000117: Buffer overflow vulnerability in os.symlink on Windows Steve Dower
• 2018/03/07 [Security-sig] CVE-2018-1000117: Buffer overflow vulnerability in os.symlink on Windows Steve Dower
• 2017/09/29 [Security-sig] Re: Backport critical bugfixes? Nick Coghlan
• 2017/09/28 [Security-sig] Re: Backport critical bugfixes? Ned Deily
• 2017/09/28 [Security-sig] Backport critical bugfixes? Victor Stinner
• 2017/09/26 Re: [Security-sig] [Mailman-cabal] Fwd: List Settings Question Mark Sapiro
• 2017/09/26 Re: [Security-sig] List Settings Question Barry Warsaw
• 2017/09/26 Re: [Security-sig] List Settings Question Victor Stinner
• 2017/09/25 Re: [Security-sig] List Settings Question Nick Coghlan
• 2017/09/25 Re: [Security-sig] List Settings Question Barry Warsaw
• 2017/09/25 Re: [Security-sig] Fwd: List Settings Question Wes Turner
• 2017/09/25 Re: [Security-sig] Fwd: List Settings Question George Fischhof
• 2017/09/25 [Security-sig] Fwd: List Settings Question Steve Barnes
• 2017/08/28 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/26 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/26 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Christian Heimes
• 2017/08/26 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/26 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/26 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Brett Cannon
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Christian Heimes
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Christian Heimes
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Christian Heimes
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime James Powell
• 2017/08/25 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Nick Coghlan
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Brett Cannon
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime James Powell
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Barry Warsaw
• 2017/08/24 Re: [Security-sig] PEP 551: Security transparency in the Python runtime Nathaniel Smith
• 2017/08/24 [Security-sig] PEP 551: Security transparency in the Python runtime Steve Dower
• 2017/07/28 [Security-sig] All known security vunerabilities have been fixed in all branches Victor Stinner
• 2017/07/18 [Security-sig] Vulnerability table updated for Python 3.6.2 Victor Stinner
• 2017/03/23 [Security-sig] Python Vulnerabilities: Vulnerable Python versions added Victor Stinner
• 2017/03/10 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Victor Stinner
• 2017/03/10 [Security-sig] New report of Python vulnerabilities Victor Stinner
• 2017/03/09 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Wes Turner
• 2017/03/09 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Victor Stinner
• 2017/03/09 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Wes Turner
• 2017/03/09 Re: [Security-sig] HTML page of Python security vulnerabilities Victor Stinner
• 2017/03/09 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Nathaniel Smith
• 2017/03/09 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Victor Stinner
• 2017/03/09 Re: [Security-sig] Archives (.tar or .zip) with absolute paths Wes Turner
• 2017/03/09 [Security-sig] Archives (.tar or .zip) with absolute paths Victor Stinner
• 2017/03/02 Re: [Security-sig] Patching ssl.py to workaround ssl lack of relocability David Cournapeau
• 2017/03/01 Re: [Security-sig] Patching ssl.py to workaround ssl lack of relocability Nick Coghlan
• 2017/03/01 Re: [Security-sig] Patching ssl.py to workaround ssl lack of relocability David Cournapeau
• 2017/03/01 Re: [Security-sig] Patching ssl.py to workaround ssl lack of relocability Christian Heimes
• 2017/03/01 [Security-sig] Patching ssl.py to workaround ssl lack of relocability David Cournapeau
• 2017/02/21 Re: [Security-sig] HTML page of Python security vulnerabilities Victor Stinner
• 2017/02/21 Re: [Security-sig] 3.3 and 3.4 branches not well maintained Victor Stinner
• 2017/02/21 Re: [Security-sig] 3.3 and 3.4 branches not well maintained Victor Stinner
• 2017/02/21 Re: [Security-sig] 3.3 and 3.4 branches not well maintained Ned Deily
• 2017/02/21 Re: [Security-sig] HTML page of Python security vulnerabilities Victor Stinner
• 2017/02/21 [Security-sig] 3.3 and 3.4 branches not well maintained Victor Stinner
• 2017/02/20 Re: [Security-sig] HTML page of Python security vulnerabilities Victor Stinner
• 2017/02/18 Re: [Security-sig] HTML page of Python security vulnerabilities Wes Turner
• 2017/02/18 Re: [Security-sig] HTML page of Python security vulnerabilities Steve Dower
• 2017/02/17 [Security-sig] HTML page of Python security vulnerabilities Victor Stinner
• 2017/02/10 Re: [Security-sig] Unified TLS API for Python: Draft 3 Wes Turner
• 2017/02/10 Re: [Security-sig] Unified TLS API for Python: Draft 3 Cory Benfield
• 2017/02/10 Re: [Security-sig] Unified TLS API for Python: Draft 3 Wes Turner
• 2017/02/09 [Security-sig] Unified TLS API for Python 4: This Time It's Personal Cory Benfield
• 2017/01/27 Re: [Security-sig] Unified TLS API for Python: Draft 3 Wes Turner
• 2017/01/27 Re: [Security-sig] Unified TLS API for Python: Draft 3 Cory Benfield
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Draft 3 Donald Stufft
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Nick Coghlan
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Christian Heimes
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/26 Re: [Security-sig] email & phones Nick Coghlan
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Nick Coghlan
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Nathaniel Smith
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Draft 3 Cory Benfield
• 2017/01/26 Re: [Security-sig] Unified TLS API for Python: Round 2 Christian Heimes
• 2017/01/25 Re: [Security-sig] Unified TLS API for Python: Round 2 Nick Coghlan
• 2017/01/25 Re: [Security-sig] email & phones Ethan Furman
• 2017/01/25 Re: [Security-sig] Unified TLS API for Python: Draft 3 Ethan Furman
• 2017/01/25 Re: [Security-sig] email & phones Steve Dower
• 2017/01/25 Re: [Security-sig] email & phones Donald Stufft
• 2017/01/25 [Security-sig] email & phones Ethan Furman
• 2017/01/25 [Security-sig] Unified TLS API for Python: Draft 3 Cory Benfield
• 2017/01/24 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/23 Re: [Security-sig] Unified TLS API for Python: Round 2 Ethan Furman
• 2017/01/23 Re: [Security-sig] Unified TLS API for Python: Round 2 Nathaniel Smith
• 2017/01/23 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/23 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Wes Turner
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Ethan Furman
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Christian Heimes
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Wes Turner
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Wes Turner
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/22 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/21 Re: [Security-sig] Unified TLS API for Python: Round 2 Nick Coghlan
• 2017/01/20 Re: [Security-sig] Unified TLS API for Python: Round 2 Nathaniel Smith
• 2017/01/20 Re: [Security-sig] Unified TLS API for Python: Round 2 Wes Turner
• 2017/01/20 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/20 Re: [Security-sig] Unified TLS API for Python: Round 2 Wes Turner
• 2017/01/20 Re: [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/19 Re: [Security-sig] Unified TLS API for Python: Round 2 Wes Turner
• 2017/01/19 [Security-sig] Unified TLS API for Python: Round 2 Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nathaniel Smith
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nathaniel Smith
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nathaniel Smith
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nathaniel Smith
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/13 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Wes Turner
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Wes Turner
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Ian Cordasco
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Wes Turner
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Donald Stufft
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Cory Benfield
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Donald Stufft
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Wes Turner
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Wes Turner
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Christian Heimes
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Nick Coghlan
• 2017/01/12 Re: [Security-sig] Unified TLS API for Python Cory Benfield

• Earlier messages