[Python-modules-team] Bug#646517: Insecure use of pickle when deserializing POST/PUT input

David Black disclosure at d1b.org
Wed Nov 2 01:13:21 UTC 2011

Previous message: [Python-modules-team] Bug#647315: marked as done (Security issue (no CVE yet))
Next message: [Python-modules-team] Bug#619096: python-qscintilla2: the PyQt4.QtCore module is version 1 but the PyQt4.Qsci module requires version -1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, upstream already has the pickle 'loader' (they have commented out
the pickle.load line) why hasn't debian already done this?

Previous message: [Python-modules-team] Bug#647315: marked as done (Security issue (no CVE yet))
Next message: [Python-modules-team] Bug#619096: python-qscintilla2: the PyQt4.QtCore module is version 1 but the PyQt4.Qsci module requires version -1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-modules-team mailing list