The Python developers have released Python 2.6.7, as noted when Python 2.5.6 was released last week. Python 2.6 is in "security fix only" mode until October 2013, with no new bug fixes or features to come; Python 2.6.7 saw three medium-severity issues addressed. According to the Python 2.6.7 NEWS file, these were a vulnerability to XSS attacks in SimpleHTTPServer, a failure to follow redirections with file: schemes in urllib and urllib2 (CVE-2011-1521), and smtpd.py being vulnerable to DoS attacks due to missing error handling when accepting a new connection.

Still to come this month are Python 3.2.1 on June 5 and Python 2.7.2 and 3.1.4 on June 11. Unlike the 2.5.6 and 2.6.7 security-only updates, Python 2.7.2 and 3.1.4 will be more general maintenance releases and 3.2.1 will be the latest in the ongoing development of Python.

The Python 2.6.7 source code is available to download from the announcement page and is licensed under the Python licence.