[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
Antoine Pitrou
solipsis at pitrou.net
Tue Feb 25 12:46:30 CET 2014
More information about the Python-Dev mailing list
Tue Feb 25 12:46:30 CET 2014
- Previous message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
- Next message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 25 Feb 2014 08:39:40 +0100 Christian Heimes <christian at python.org> wrote: > > this looks pretty serious -- and it caught me off guard, too. :( > > https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/ > > Next time please inform the Python Security Response Team about any > and all issues that are related to buffer overflows or similar bugs. > In fact please drop a note about anything that even remotely look like > an exploitable issue. Even public bug reports should be forwarded to PSRT. If that's the case, then can't we have an email hook on bugs.python.org every time an issue is classified as security? (either when created or later when modified) "Bug reports should be forwarded to PSRT" just adds a tedious and unnecessary manual step. Regards Antoine.
- Previous message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
- Next message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list