
Re: Python rexec and Bastion flaws



Bastian Kleineidam writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> I just read this post from Guido van Rossum[1] that the rexec.py and
> Bastion.py modules have severe security flaws. These modules will be
> disabled in the next 2.2 and 2.3 releases to avoid security risks.
> [1] http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org
> 
> I suggest disabling the above two modules in python2.2 (which is in
> woody), even if existing applications can break. What do you think?

as long as the upgrade situation is not resolved (new versions in
security and woody-proposed-updates), an upload does not make any
sense.

what about providing a patch to _ask_ the user if the two modules
should be installed? (no, I don't write it).


