
python 2.6.6 -> python 2.6.8


A colleague pointed me to the release notes of python 2.6.8, where the
following security issues are listed as being fixed:

 * oCERT-2011-003, CVE-2012-1150, hash collision denial of service
 * CVE-2012-0876, pyexpat hash randomization
 * CVE-2012-0845, SimpleXMLRPCServer denial of service
 * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module

The python 2.6.8+squeeze release that I have on my squeeze systems
doesn't mention any CVE numbers. Does this mean that those issues have
not been addressed (yet) in Debian? Is the security team working on
backporting those fixes?


Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062
