On Feb 21, 2017, at 13:07, Victor Stinner <victor.stin...@gmail.com> wrote: > I completed my list of vulnerabilities. It helps to track if a > vulnerability has been fixed in all security maintained branches. > http://python-security.readthedocs.io/vulnerabilities.html > > Currently, the following branches are maintained for security: 2.7, > 3.3, 3.4, 3.4, 3.5 and 3.6 > https://docs.python.org/devguide/#status-of-python-branches > > I looked at the 5 latest vulnerabilities, and we didn't backport fixes > to all maintained branches: > > Issue #28563: > 3.3 backported, no release yet > CVE-2016-2183: > 3.3 and 3.4 not fixed yet <==== > https://bugs.python.org/issue27850#msg275073 > CVE-2016-1000110 > 3.3 backported, no release yet > CVE-2016-0772 > 3.3 needs backport <==== > Issue #26657 > 3.3 and 3.4 need backport <==== > > Maybe a 3.3 release may be needed as well.
Have you contacted the 3.3 and 3.4 release managers about this? -- Ned Deily n...@python.org -- [] _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
