This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients jaybosamiya, larry, leosilva, serhiy.storchaka, vstinner
Date 2017-11-29.17:09:27
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1511975367.47.0.213398074469.issue30657@psf.upfronthosting.co.za>
In-reply-to
Content
Serhiy: "I don't think it is worth to add this vulnerability to the python-security website. You need to compile a 1 GiB Python file on 32-bit system for reproducing it. It is very unlikely that this can happen by accident, and it is hard to used it in security attack. If you can make the attacked program compiling a 1 GiB Python file, you perhaps have easier ways to make a harm."

I'm trying to keep track of all CVEs. People are scared by CVE numbers :-( But it seems like any bug can get a CVE number, without any real evalution of the severity of the bug.

I completed the description on python-security with your paragraph.

FYI I wrote python-security to make sure that vulnerabilities are fixed in supported Python branches. Here it seems like we forgot to fix Python 3.4 and 3.5.
History
Date User Action Args
2017-11-29 17:09:27vstinnersetrecipients: + vstinner, larry, serhiy.storchaka, jaybosamiya, leosilva
2017-11-29 17:09:27vstinnersetmessageid: <1511975367.47.0.213398074469.issue30657@psf.upfronthosting.co.za>
2017-11-29 17:09:27vstinnerlinkissue30657 messages
2017-11-29 17:09:27vstinnercreate