
Re: python 2.6.6 -> python 2.6.8



On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote:
> Hi,
> 
> a colleague pointed me to the release notes of python 2.6.8, where the
> following security issues are listed as being fixed:
> 
>  * oCERT-2011-003, CVE-2012-1150, hash collision denial of service
>  * CVE-2012-0876, pyexpat hash randomization
>  * CVE-2012-0845, SimpleXMLRPCServer denial of service
>  * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module
> 
> The python 2.6.8+squeeze release that I have on my squeeze systems
> doesn't mention any CVE numbers. Does this mean that those issues have
> not been addressed (yet) in Debian? Is the security team working on
> backporting those fixes?
> 
> Greetings
> Marc

You can see the status of security vulnerabilities in the Debian security tracker, which includes bug numbers and so on. For example: http://security-tracker.debian.org/tracker/CVE-2012-1150

- Henri Salo

