On 04/27/17 at 06:08, Paul Wise wrote:
> On Fri, 9 Dec 2016 21:24:48 +0100 Julien Muchembled wrote:
>
>> python-zodbpickle - Fork of pickle module, for ZODB
>
> If this enters Debian, please make sure that you notify the security
> team to update their embedded-code-copies file, which tracks both
> embedded copies and forks of projects.
>
> https://wiki.debian.org/EmbeddedCodeCopies
>
python-zodbpickle has just entered Debian and, as planned, I suggest updating embedded-code-copies because this package forks the 'pickle' modules of Python 2.7.6 and 3.3.2.

For Python 2:

python2.7
	- zodbpickle <unknown> (embed)
	NOTE: embeds stdlib modules: pickle, cpickle

I am surprised to see no entry for any version of Python 3. Maybe start one with python3.6.

However, given the warning at the top of https://docs.python.org/3/library/pickle.html
I am not sure it's useful to bother about the security of this code.
And unfortunately, the many changes in Python are not merged into zodbpickle.

Julien