Martin Schulze wrote:
I'd rather know about the vulnerability (and maybe doko is able to implement a fix) than to blindly castrate software. Theo d.R. already taught us that blindly releasing updates are not good.
Here's some relevant links for the bugs: Deleting __builtins__: http://python.org/sf/577530 Modifying new-style classes: http://mail.python.org/pipermail/python-dev/2002-December/031160.html Final thread about dropping rexec: http://mail.python.org/pipermail/python-dev/2003-January/031842.htmlPlease note that the two bugs described above are only the two *known* bugs - nobody knows how many other bugs there are in rexec.
--"Hanging is too good for a man who makes puns; he should be drawn and quoted."
-- Fred Allen