The below appeared in the more general midrange list, which I'm now
cross-posting to the open source list.
It is not clear to me whether IBM is offering its own in-house fixes
or backporting the upstream fixes. And in general, I don't know if IBM
is offering complete 2.7.x and 3.4.x update releases as PTFs.
(According to those vulnerability reports, the official 2.7.12 and
3.4.5 from python.org do not suffer from the listed vulnerabilities.)
John Y.
---------- Forwarded message ----------
From: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Date: Thu, Mar 23, 2017 at 2:08 PM
Subject: Security Bulletin: Vulnerabilities CVE-2016-5636 and
CVE-2016-5699 in Python affect IBM i (2017.03.23)
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
http://www.ibm.com/support/docview.wss?uid=nas8N1021926&myns=ibmi&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSSC52E&mynp=OCSWG60&mync=E&cm_sp=ibmi-_-OCSSTS2D-OCSSC5L9-OCSSC52E-OCSWG60-_-E
Paul
-----Original Message-----
From: IBM My Notifications [mailto:mynotify@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, March 23, 2017 2:01 PM
To: Steinmetz, Paul
Subject: Security Bulletin: Vulnerabilities CVE-2016-5636 and
CVE-2016-5699 in Python affect IBM i (2017.03.23)
My Notifications for IBM i - 23 Mar 2017
Dear Subscriber (psteinmetz@xxxxxxxxxx),
Here are your updates from IBM My Notifications.
Your support Notifications display in English by default. Machine
translation based on your IBM profile language setting is added if you
specify this option in Delivery preferences within My Notifications.
(Note: Not all languages are available at this time, and the English
version always takes precedence over the machine translated version.)
------------------------------------------------------------------------------
1. IBM i 7.1
- TITLE: Security Bulletin: Vulnerabilities CVE-2016-5636 and
CVE-2016-5699 in Python affect IBM i
- URL:
http://www.ibm.com/support/docview.wss?uid=nas8N1021926&myns=ibmi&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSSC52E&mynp=OCSWG60&mync=E&cm_sp=ibmi-_-OCSSTS2D-OCSSC5L9-OCSSC52E-OCSWG60-_-E
- ABSTRACT: Python is supported by IBM i. IBM i has addressed the
applicable CVE.
------------------------------------------------------------------------------
Manage your My Notifications subscriptions, or send questions and comments.
- Subscribe or Unsubscribe -
https://www.ibm.com/support/mynotifications
- Feedback -
https://www-01.ibm.com/support/feedback/techFeedbackCardContentMyNotifications.html
- Follow us on Twitter -
https://twitter.com/IBM_i_eSupp
To ensure proper delivery please add mynotify@xxxxxxxxxxxxxxxxxxxx to
your address book.
You received this email because you are subscribed to IBM My Notifications as:
psteinmetz@xxxxxxxxxx
Please do not reply to this message as it is generated by an automated
service machine.
(C) International Business Machines Corporation 2017. All rights reserved.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link:
http://amzn.to/2dEadiD
As an Amazon Associate we earn from qualifying purchases.