python 2.6.6 -> python 2.6.8

To: debian-security@lists.debian.org
Subject: python 2.6.6 -> python 2.6.8
From: Marc Haber <mh+debian-security@zugschlus.de>
Date: Mon, 25 Jun 2012 09:49:08 +0200
Message-id: <[🔎] 20120625074908.GA17410@torres.zugschlus.de>

Hi,

a colleague pointed me to the release notes of python 2.6.8, where the
following security issues are listed being fixed:

 * oCERT-2011-003, CVE-2012-1150, hash collision denial of service)
 * CVE-2012-0876, pyexpat hash randomization
 * CVE-2012-0845, SimpleXMLRPCServer denial of service
 * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module

The python 2.6.8+squeeze release that I have on my squeeze systems
don't mention any CVE numbers. Does this means that those issues have
not been addressed (yet) in Debian? Is the security team working on
backporting those fixes?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Reply to:

Follow-Ups:
- Re: python 2.6.6 -> python 2.6.8
  - From: Henri Salo <henri@nerv.fi>

Prev by Date: out of office
Next by Date: Re: [SECURITY] [DSA 2501-1] xen security update
Previous by thread: out of office
Next by thread: Re: python 2.6.6 -> python 2.6.8
Index(es):
- Date
- Thread