[SECURITY] python
Yaakov (Cygwin/X)
yselkowitz@users.sourceforge.net
Tue Apr 17 18:47:00 GMT 2012
On 2012-04-17 09:06, Jason Tishler wrote:
> Yaakov,
>
> On Mon, Apr 16, 2012 at 07:07:43PM -0500, Yaakov (Cygwin/X) wrote:
>> Security vulnerabilities have been announced in Python (CVE-2011-3389,
>> CVE-2012-0845, CVE-2012-0876, CVE-2012-1150) and are fixed in 2.6.8.
>
> I will release 2.6.8 as soon as I can.
>
>> After that, do you have plans for 2.7 and 3.2?
>
> I guess we can handle the 2.6 to 2.7 transition the same way we handled
> the 2.5 to 2.6 one. Should I begin that process after I release 2.6.8?
I think so; a month should be enough, and now is a good time for me as any.
> AFAICT, I can release 3.x packages that can be installed along side of
> the 2.x ones. If so, then the 3.2 packages can be released without
> coordination from the Python module package maintainers. Am I correct?
Mostly. I have 26 packages in Ports which use python3 that I want to
update for 3.2 first; it should only take me a day or two to do that.
Perhaps we should do that first, then start working on the 2.6->2.7 bump.
Yaakov
More information about the Cygwin-apps
mailing list