Hi,

I updated the list of Python vulnerabilities:
https://python-security.readthedocs.io/vulnerabilities.html

I modified my code to support multiple CVEs per vulnerability, for example
with 8 CVEs:
https://python-security.readthedocs.io/vuln/multiple-integer-overflows-apple.html

I added a "slug": a unique ASCII identifier for each vulnerability.
Maybe we need to create our own vulnerability numbers rather than
using a CVE, a bugs.python.org bug number or a slug. It might make it
easier to properly identify a vulnerability. Some old issues have no bpo
number (fixed directly in the code without creating an issue):
https://python-security.readthedocs.io/vuln/smtplib-tls-stripping.html

Deciding how we identify vulnerabilities is the main blocking issue for
migrating https://python-security.readthedocs.io/ to
https://security.python.org/

It would be nice to make this website more official to collect
"official" information about Python security.

Victor
-- 
Night gathers, and now my watch begins. It shall not end until my death.
_______________________________________________
Security-SIG mailing list -- security-sig@python.org
To unsubscribe send an email to security-sig-le...@python.org
https://mail.python.org/mailman3/lists/security-sig.python.org/