Re: python 2.6.6 -> python 2.6.8
On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote:
> Hi,
>
> a colleague pointed me to the release notes of python 2.6.8, where the
> following security issues are listed as being fixed:
>
> * oCERT-2011-003, CVE-2012-1150, hash collision denial of service
> * CVE-2012-0876, pyexpat hash randomization
> * CVE-2012-0845, SimpleXMLRPCServer denial of service
> * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module
>
> The python 2.6.8+squeeze release that I have on my squeeze systems
> doesn't mention any CVE numbers. Does this mean that those issues have
> not been addressed (yet) in Debian? Is the security team working on
> backporting those fixes?
>
> Greetings
> Marc
You can see the status of security vulnerabilities in the Debian security tracker, which includes bug numbers and so on. For example: http://security-tracker.debian.org/tracker/CVE-2012-1150
- Henri Salo