[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: python 2.6.6 -> python 2.6.8

Hi Henri,

thanks for your explanation.

On Mon, Jun 25, 2012 at 02:45:57PM +0300, Henri Salo wrote:
> On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote:
> > a colleague pointed me to the release notes of python 2.6.8, where the
> > following security issues are listed being fixed:
> > 
> >  * oCERT-2011-003, CVE-2012-1150, hash collision denial of service)

"[squeeze] - python2.6 <no-dsa> (Minor issue)" means that there will
be no DSA because the issue is so minor that the team decided not to

> >  * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module

phyton is not listed in
http://security-tracker.debian.org/tracker/CVE-2011-3389, does that
mean that nobody yet identified python as being affected? How can
python be added here?


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Reply to: