[Stackless] Stackless to address multiple buffer overflow vulnerability?

Guy Hulbert gwhulbert at eol.ca
Fri Aug 15 22:11:09 CEST 2008


On Fri, 2008-15-08 at 16:02 -0400, Guy Hulbert wrote:
> Nope.  I read the link you posted:
> http://www.securityfocus.com/bid/30491 

At the end it says:

Not Vulnerable:  
  Python Software Foundation Python 2.5.2 r6
  Python Software Foundation Python 2.4.4 r14

This is particularly misleading.  The implication is that there are
fixes available at python.org but the "r6" and "r14" references come
from the gentoo bug-tracking system.

As far as I can tell, python.org has no "r#" patch releases.

In answer to your original question.  In most cases stackless has the
same vulnerabilities as python itself (since the sources are mostly the
same).  If you want the "Not Vulnerable" versions, I think you'd need to
build Stackless from the gentoo sources.

-- 
--gh






More information about the Stackless mailing list