[Zope] Re: [Fwd: [USN-359-1] Python vulnerability]
Tres Seaver
tseaver at palladion.com
Fri Oct 6 12:32:51 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Withers wrote:
> ouch... I'd imagine Zope is vulnerable to this?
>
> What source version(s) of python have these problems fixed?
I think the issue only surfaces if you compile Python for UCS4, which
the desktop-centric versions shipped by the distros do. If you build
Python using the default config, it uses UCS2 (which is a better choice
for long-running appservers, anyway).
I just verified this by running the example code from the SF bug[1]: it
aborts when run with Ubuntu's own python2.4, but not with the one I run
Zope with.
Python 2.4.4 will have this fix, when released.
[1]
http://sourceforge.net/tracker/index.php?func=detail&aid=1541585&group_id=5470&atid=305470
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFJoUz+gerLs4ltQ4RAgSkAKCnUJxf0Rlv9EzBN/w3FkbTT3B2AgCgk4ag
j2smGvS6oNy+G0JR/AhyPRI=
=m8i0
-----END PGP SIGNATURE-----
More information about the Zope
mailing list