[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: python 2.6.6 -> python 2.6.8

On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote:
> Hi,
> a colleague pointed me to the release notes of python 2.6.8, where the
> following security issues are listed being fixed:
>  * oCERT-2011-003, CVE-2012-1150, hash collision denial of service)
>  * CVE-2012-0876, pyexpat hash randomization
>  * CVE-2012-0845, SimpleXMLRPCServer denial of service
>  * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module
> The python 2.6.8+squeeze release that I have on my squeeze systems
> don't mention any CVE numbers. Does this means that those issues have
> not been addressed (yet) in Debian? Is the security team working on
> backporting those fixes?
> Greetings
> Marc

You can see status of security vulnerabilities in Debian security tracker, which includes bug-numbers and so on. For example http://security-tracker.debian.org/tracker/CVE-2012-1150

- Henri Salo

Reply to: