Message 363162 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	Big Stone, erlendaasland, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware
Date	2020-03-02.11:39:41
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1583149181.64.0.84317207191.issue38380@roundup.psfhosted.org>
In-reply-to

Content
I marked the PR to backport to 3.7 and 3.8. Up to Benjamin whether 2.7 gets it, but unless there's a specific and impactful CVE that's been fixed, I doubt it (the one linked at the start of this issue seems to require direct modification of the SQL statement, which would be a bug in itself if permitted, so I think it's outside of our threat model for CPython).

I marked the PR to backport to 3.7 and 3.8.

Up to Benjamin whether 2.7 gets it, but unless there's a specific and impactful CVE that's been fixed, I doubt it (the one linked at the start of this issue seems to require direct modification of the SQL statement, which would be a bug in itself if permitted, so I think it's outside of our threat model for CPython).

History
Date	User	Action	Args
2020-03-02 11:39:41	steve.dower	set	recipients: + steve.dower, paul.moore, ronaldoussoren, tim.golden, ned.deily, zach.ware, Big Stone, erlendaasland
2020-03-02 11:39:41	steve.dower	set	messageid: <1583149181.64.0.84317207191.issue38380@roundup.psfhosted.org>
2020-03-02 11:39:41	steve.dower	link	issue38380 messages
2020-03-02 11:39:41	steve.dower	create