Python 2.6.7 security-only fix released
The Python developers have released Python 2.6.7, as noted when Python 2.5.6 was released last week. Python 2.6 is in "security fix only" mode until October 2013, with no new bug fixes or features to come; Python 2.6.7 saw three medium severity issues addressed. According to the Python 2.6.7 NEWS file, these were a vulnerability to XSS attacks in SimpleHTTPServer, a failure to follow redirections with file: schemes in urllib and urllib2 (CVE-2011-1521), and smtpd.py being vulnerable to DoS attacks due to missing error handling when accepting a new connection.
Still to come this month are Python 3.2.1 on June 5 and Python 2.7.2 and 3.1.4 on June 11. Unlike the 2.5.6 and 2.6.7 security only updates, Python 2.7.2 and 3.1.4 will be more general maintenance releases and 3.2.1 will be the latest in the ongoing development of Python.