[New-bugs-announce] [issue47194] Upgrade to zlib v1.2.12 in CPython binary releases
Gregory P. Smith
report at bugs.python.org
Fri Apr 1 15:25:42 EDT 2022
New submission from Gregory P. Smith <greg at krypto.org>:
zlib v1.2.11 as used in Windows binary releases contains a security issue that, while fixed in its git repo years ago, never wound up in a release or a CVE until just now.
Folllow the https://www.openwall.com/lists/oss-security/2022/03/24/1 thread and the and recently assigned CVE-2018-25032.
I believe we only ship our own zlib on Windows so this issue is tagged as such. The above oss-security thread is where an idea of severity will come out.
----------
components: Extension Modules, Windows
messages: 416510
nosy: gregory.p.smith, lukasz.langa, ned.deily, pablogsal, paul.moore, steve.dower, tim.golden, zach.ware
priority: release blocker
severity: normal
stage: needs patch
status: open
title: Upgrade to zlib v1.2.12 in CPython binary releases
type: security
versions: Python 3.10, Python 3.11, Python 3.7, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue47194>
_______________________________________
More information about the New-bugs-announce
mailing list