Re: python 2.6.6 -> python 2.6.8

To: debian-security@lists.debian.org
Subject: Re: python 2.6.6 -> python 2.6.8
From: Marc Haber <mh+debian-security@zugschlus.de>
Date: Mon, 25 Jun 2012 14:21:42 +0200
Message-id: <[🔎] 20120625122142.GE17410@torres.zugschlus.de>
In-reply-to: <[🔎] 20120625114557.GA15675@lakka.kapsi.fi>
References: <[🔎] 20120625074908.GA17410@torres.zugschlus.de> <[🔎] 20120625114557.GA15675@lakka.kapsi.fi>

Hi Henri,

thanks for your explanation.

On Mon, Jun 25, 2012 at 02:45:57PM +0300, Henri Salo wrote:
> On Mon, Jun 25, 2012 at 09:49:08AM +0200, Marc Haber wrote:
> > a colleague pointed me to the release notes of python 2.6.8, where the
> > following security issues are listed being fixed:
> > 
> >  * oCERT-2011-003, CVE-2012-1150, hash collision denial of service)

"[squeeze] - python2.6 <no-dsa> (Minor issue)" means that there will
be no DSA because the issue is so minor that the team decided not to
bother?

> >  * CVE-2011-3389, disabling of the CBC IV attack countermeasure in the _ssl module

phyton is not listed in
http://security-tracker.debian.org/tracker/CVE-2011-3389, does that
mean that nobody yet identified python as being affected? How can
python be added here?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Reply to:

Follow-Ups:
- Re: python 2.6.6 -> python 2.6.8
  - From: Cyril Brulebois <kibi@debian.org>

References:
- python 2.6.6 -> python 2.6.8
  - From: Marc Haber <mh+debian-security@zugschlus.de>
- Re: python 2.6.6 -> python 2.6.8
  - From: Henri Salo <henri@nerv.fi>

Prev by Date: Re: python 2.6.6 -> python 2.6.8
Next by Date: Re: python 2.6.6 -> python 2.6.8
Previous by thread: Re: python 2.6.6 -> python 2.6.8
Next by thread: Re: python 2.6.6 -> python 2.6.8
Index(es):
- Date
- Thread