Message327677
Serhiy's fixes (thanks!) are now released in 3.7.0rc2 and 3.6.7rc2 so I'm removing the "release blocker" status. If there is nothing more to be done for this issue, can we close it?
shuoz:
> oh brother, maybe this worth open a cve.
Note that Serhiy believes that this is not a security issue since it is unlikely that the crash can be triggered by user data. Anyone can cause segfaults or do damage if they have unrestricted access to a Python interpreter; that's a threat model for any language that allows sometime like Python's os.system or subprocess. A better question is can a user of an application written in Python likely cause a DOS or create a privilege escalation. Is that the case here? |
|
Date |
User |
Action |
Args |
2018-10-13 22:06:37 | ned.deily | set | recipients:
+ ned.deily, terry.reedy, vstinner, christian.heimes, serhiy.storchaka, xtreak, shuoz |
2018-10-13 22:06:37 | ned.deily | set | messageid: <1539468397.95.0.788709270274.issue34922@psf.upfronthosting.co.za> |
2018-10-13 22:06:37 | ned.deily | link | issue34922 messages |
2018-10-13 22:06:37 | ned.deily | create | |
|