[SECURITY] python
Yaakov (Cygwin/X)
yselkowitz@users.sourceforge.net
Mon May 21 20:03:00 GMT 2012
On 2012-04-17 13:46, Yaakov (Cygwin/X) wrote:
> On 2012-04-17 09:06, Jason Tishler wrote:
>> Yaakov,
>>
>> On Mon, Apr 16, 2012 at 07:07:43PM -0500, Yaakov (Cygwin/X) wrote:
>>> Security vulnerabilities have been announced in Python (CVE-2011-3389,
>>> CVE-2012-0845, CVE-2012-0876, CVE-2012-1150) and are fixed in 2.6.8.
>>
>> I will release 2.6.8 as soon as I can.
>>
>>> After that, do you have plans for 2.7 and 3.2?
>>
>> I guess we can handle the 2.6 to 2.7 transition the same way we handled
>> the 2.5 to 2.6 one. Should I begin that process after I release 2.6.8?
>
> I think so; a month should be enough, and now is a good time for me as any.
>
>> AFAICT, I can release 3.x packages that can be installed along side of
>> the 2.x ones. If so, then the 3.2 packages can be released without
>> coordination from the Python module package maintainers. Am I correct?
>
> Mostly. I have 26 packages in Ports which use python3 that I want to
> update for 3.2 first; it should only take me a day or two to do that.
> Perhaps we should do that first, then start working on the 2.6->2.7 bump.
Ping?
Yaakov
More information about the Cygwin-apps
mailing list