Zack Weinberg found a vulnerability in the way the execvpe() function
from the os module uses a temporary file name. A file name which
supposedly does not exist is chosen in an unsafe (predictable) way and
the function then tries to execute that path; a local user who creates a
file at that name first gets it executed. The objective of such code is
to discover, in a portable way, which error the operating system returns
for a missing file.
By exploiting this vulnerability a local attacker can execute
arbitrary code with the privileges of the user running Python code
which uses the execvpe() function.
http://python.org/sf/590294
http://python.org/sf/601077
2.1.3 has very few improvements over 2.1.2, but the most important
are some thread-safety fixes that were causing heavily loaded Zope
sites to keel over.
Major changes:
- no more "threads" flavor; threads are now the default.
- modules that depend on other packages are built as subpackages instead
  of largely redundant flavors (unless the platform has no shared libs,
  in which case flavors are used again)
- shared libpython support disabled until someone can figure out why it
  makes Zope crash