[CKAN-support] python vulnerability CVE-2013-7040

• Previous message: [CKAN-support] RV: Missing one validation in FI-CORE - (15 - OKF) (*** URGENT ***)
• Next message: [CKAN-support] Purge list - 500 error
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi
One of our customers is concerned about a python denial-of-service vulnerability mentioned here https://github.com/ckan/ckan/issues/1741. I see that at the moment, the issue is kind of a 'won't fix' but is fixed for Python 3+.

Has anyone worked out a solution at all for CKAN other than just wait for a version to be ready which used Python 3+? Or does anyone know how severe the vulnerability really is in practice?

Thanks
George

________________________________
This email and any files transmitted with it is confidential and intended solely for the use of the addressee. The unauthorised use, dissemination, forwarding, printing or copying of this communication is strictly prohibited. If you have received this communication in error please notify us immediately by reply email and destroy this communication. Any views and opinions presented in this email are solely those of the author and do not necessarily represent the views of XVT Solutions. The recipient should check this email and any attachments for viruses. XVT Solutions accepts no liability for the content of this email, and any damage caused by any viruses that could potentially be transmitted through this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/ckan-support/attachments/20140707/c373e352/attachment-0002.html>

• Previous message: [CKAN-support] RV: Missing one validation in FI-CORE - (15 - OKF) (*** URGENT ***)
• Next message: [CKAN-support] Purge list - 500 error
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]