Hi,

I reworked my script generating the list of Python vulnerabilities to
be able to list commits which are not part of a public release yet. I
added recent vulnerabilities:

* CVE-2019-5010: TALOS-2018-0758 SSL CRL distribution points Denial of Service
* CVE-2018-20406: pickle.load denial of service
* CVE-2018-14647: _elementtree C accelerator doesn’t call XML_SetHashSalt()

https://python-security.readthedocs.io/vulnerabilities.html

I wrote this website to help track whether known vulnerabilities are
fixed in all supported branches (2.7, 3.4-3.8). It's not the case for
the 3 latest vulnerabilities yet. I will make sure that they are
fixed.

Victor
-- 
Night gathers, and now my watch begins. It shall not end until my death.
_______________________________________________
Security-SIG mailing list -- security-sig@python.org
To unsubscribe send an email to security-sig-le...@python.org
https://mail.python.org/mailman3/lists/security-sig.python.org/