Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Oct 2019 12:10:20 +0100
From: Peter van Dijk <>
Subject: Python-3.5.8.tar.xz does NOT contain the fix for bpo-38243


Python 3.5.8 is supposed to contain a fix for bpo-38243, as mentioned

It turns out has accidentally shipped 3.5.8 without that
fix, if you pick tar.xz instead of .tgz. Please find attached the email
I have sent them.

I'm reporting this to oss-security so that no downstream distributors
accidentally ship the wrong 3.5.8. I have also reported it directly to
FreeBSD at as
they are the only distribution I could think of that still actually
ship vanilla Python 3.5.

Kind regards,
Peter van Dijk

Content of type "message/rfc822" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (915 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.