This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ned.deily
Recipients christian.heimes, ned.deily, serhiy.storchaka, shuoz, terry.reedy, vstinner, xtreak
Date 2018-10-13.22:06:37
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1539468397.95.0.788709270274.issue34922@psf.upfronthosting.co.za>
In-reply-to
Content 
Serhiy's fixes (thanks!) are now released in 3.7.0rc2 and 3.6.7rc2 so I'm removing the "release blocker" status.  If there is nothing more to be done for this issue, can we close it?

shuoz:
> oh brother, maybe this worth open a cve.

Note that Serhiy believes that this is not a security issue since it is unlikely that the crash can be triggered by user data.  Anyone can cause segfaults or do damage if they have unrestricted access to a Python interpreter; that's a threat model for any language that allows sometime like Python's os.system or subprocess.  A better question is can a user of an application written in Python likely cause a DOS or create a privilege escalation.  Is that the case here?
History
Date User Action Args
2018-10-13 22:06:37ned.deilysetrecipients: + ned.deily, terry.reedy, vstinner, christian.heimes, serhiy.storchaka, xtreak, shuoz
2018-10-13 22:06:37ned.deilysetmessageid: <1539468397.95.0.788709270274.issue34922@psf.upfronthosting.co.za>
2018-10-13 22:06:37ned.deilylinkissue34922 messages
2018-10-13 22:06:37ned.deilycreate