The below appeared in the more general midrange list, which I'm now
cross-posting to the open source list.

It is not clear to me whether IBM is offering its own in-house fixes
or backporting the upstream fixes. And in general, I don't know if IBM
is offering complete 2.7.x and 3.4.x update releases as PTFs.
(According to those vulnerability reports, the official 2.7.12 and
3.4.5 from python.org do not suffer from the listed vulnerabilities.)

John Y.


---------- Forwarded message ----------
From: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Date: Thu, Mar 23, 2017 at 2:08 PM
Subject: Security Bulletin: Vulnerabilities CVE-2016-5636 and
CVE-2016-5699 in Python affect IBM i (2017.03.23)
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>




http://www.ibm.com/support/docview.wss?uid=nas8N1021926&myns=ibmi&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSSC52E&mynp=OCSWG60&mync=E&cm_sp=ibmi-_-OCSSTS2D-OCSSC5L9-OCSSC52E-OCSWG60-_-E




Paul

-----Original Message-----
From: IBM My Notifications [mailto:mynotify@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, March 23, 2017 2:01 PM
To: Steinmetz, Paul
Subject: Security Bulletin: Vulnerabilities CVE-2016-5636 and
CVE-2016-5699 in Python affect IBM i (2017.03.23)


My Notifications for IBM i - 23 Mar 2017

Dear Subscriber (psteinmetz@xxxxxxxxxx),

Here are your updates from IBM My Notifications.

Your support Notifications display in English by default. Machine
translation based on your IBM profile language setting is added if you
specify this option in Delivery preferences within My Notifications.
(Note: Not all languages are available at this time, and the English
version always takes precedence over the machine translated version.)

------------------------------------------------------------------------------
1. IBM i 7.1

- TITLE: Security Bulletin: Vulnerabilities CVE-2016-5636 and
CVE-2016-5699 in Python affect IBM i
- URL: http://www.ibm.com/support/docview.wss?uid=nas8N1021926&myns=ibmi&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSSC52E&mynp=OCSWG60&mync=E&cm_sp=ibmi-_-OCSSTS2D-OCSSC5L9-OCSSC52E-OCSWG60-_-E
- ABSTRACT: Python is supported by IBM i. IBM i has addressed the
applicable CVE.

------------------------------------------------------------------------------
Manage your My Notifications subscriptions, or send questions and comments.
- Subscribe or Unsubscribe - https://www.ibm.com/support/mynotifications
- Feedback - https://www-01.ibm.com/support/feedback/techFeedbackCardContentMyNotifications.html

- Follow us on Twitter - https://twitter.com/IBM_i_eSupp



To ensure proper delivery please add mynotify@xxxxxxxxxxxxxxxxxxxx to
your address book.
You received this email because you are subscribed to IBM My Notifications as:
psteinmetz@xxxxxxxxxx

Please do not reply to this message as it is generated by an automated
service machine.

(C) International Business Machines Corporation 2017. All rights reserved.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.