Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 30 Oct 2019 12:10:20 +0100
From: Peter van Dijk <peter.van.dijk@...erdns.com>
To: oss-security@...ts.openwall.com
Subject: Python-3.5.8.tar.xz does NOT contain the fix for bpo-38243

Hello,

Python 3.5.8 is supposed to contain a fix for bpo-38243, as mentioned
at 
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-8-final

It turns out python.org has accidentally shipped 3.5.8 without that
fix, if you pick tar.xz instead of .tgz. Please find attached the email
I have sent them.

I'm reporting this to oss-security so that no downstream distributors
accidentally ship the wrong 3.5.8. I have also reported it directly to
FreeBSD at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241586 as
they are the only distribution I could think of that still actually
ship vanilla Python 3.5.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

Content of type "message/rfc822" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (915 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.