Message 212248 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pefu
Recipients	christian.heimes, cvrebert, ezio.melotti, giampaolo.rodola, koobs, ncoghlan, offby1, pefu, pitrou, python-dev, r.david.murray, rmsr, skrah
Date	2014-02-26.11:25:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1393413944.92.0.962830018085.issue20246@psf.upfronthosting.co.za>
In-reply-to

Content
A recently posted proof of concept exploit got a lot of attention: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/ I suggest some Python core developer should clarify here whether people running some publically available python based web service (Zope, Plone, Roundup, MoinMoin, or whatever) are vulnerable or not.

A recently posted proof of concept exploit got a lot of attention:

https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/

I suggest some Python core developer should clarify here whether people running some publically available python based web service
(Zope, Plone, Roundup, MoinMoin, or whatever) are vulnerable or not.

History
Date	User	Action	Args
2014-02-26 11:25:45	pefu	set	recipients: + pefu, ncoghlan, pitrou, giampaolo.rodola, christian.heimes, rmsr, ezio.melotti, r.david.murray, cvrebert, skrah, offby1, python-dev, koobs
2014-02-26 11:25:44	pefu	set	messageid: <1393413944.92.0.962830018085.issue20246@psf.upfronthosting.co.za>
2014-02-26 11:25:44	pefu	link	issue20246 messages
2014-02-26 11:25:44	pefu	create