[Zope] Re: [Fwd: [USN-359-1] Python vulnerability]
tseaver at palladion.com
Fri Oct 6 12:32:51 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Chris Withers wrote:
> ouch... I'd imagine Zope is vulnerable to this?
> What source version(s) of python have these problems fixed?
I think the issue only surfaces if you compile Python for UCS4, which
the desktop-centric versions shipped by the distros do. If you build
Python using the default config, it uses UCS2 (which is a better choice
for long-running appservers, anyway).
I just verified this by running the example code from the SF bug: it
aborts when run with Ubuntu's own python2.4, but not with the one I run
Python 2.4.4 will have this fix, when released.
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v184.108.40.206 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Zope