In association with heise online

06 June 2011, 12:28

Python 2.6.7 security-only fix released

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Python icon The Python developers have released Python 2.6.7, as noted when Python 2.5.6 was released last week. Python 2.6 is in "security fix only" mode until October 2013, with no new bug fixes or features to come; Python 2.6.7 saw three medium severity issues addressed. According to the Python 2.6.7 NEWS file, these were a vulnerability to XSS attacks in SimpleHTTPServer, a failure to follow redirections with file: schemes in urllib and urllib2 (CVE-2011-1521), and smtpd.py being vulnerable to DoS attacks due to missing error handling when accepting a new connection.

Still to come this month are Python 3.2.1 on June 5 and Python 2.7.2 and 3.1.4 on June 11. Unlike the 2.5.6 and 2.6.7 security only updates, Python 2.7.2 and 3.1.4 will be more general maintenance releases and 3.2.1 will be the latest in the ongoing development of Python.

The Python 2.6.7 source code is available to download from the announcement page and is licensed under the Python licence.

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-1255750
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit