This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [SECURITY] python


On 2012-04-17 13:46, Yaakov (Cygwin/X) wrote:
On 2012-04-17 09:06, Jason Tishler wrote:
Yaakov,

On Mon, Apr 16, 2012 at 07:07:43PM -0500, Yaakov (Cygwin/X) wrote:
Security vulnerabilities have been announced in Python (CVE-2011-3389,
CVE-2012-0845, CVE-2012-0876, CVE-2012-1150) and are fixed in 2.6.8.

I will release 2.6.8 as soon as I can.


After that, do you have plans for 2.7 and 3.2?

I guess we can handle the 2.6 to 2.7 transition the same way we handled the 2.5 to 2.6 one. Should I begin that process after I release 2.6.8?

I think so; a month should be enough, and now is a good time for me as any.


AFAICT, I can release 3.x packages that can be installed along side of
the 2.x ones. If so, then the 3.2 packages can be released without
coordination from the Python module package maintainers. Am I correct?

Mostly. I have 26 packages in Ports which use python3 that I want to update for 3.2 first; it should only take me a day or two to do that. Perhaps we should do that first, then start working on the 2.6->2.7 bump.

Ping?



Yaakov



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]