New submission from Gregory P. Smith <g...@krypto.org>:
zlib v1.2.11 as used in Windows binary releases contains a security issue that, while fixed in its git repo years ago, never wound up in a release or a CVE until just now. Folllow the https://www.openwall.com/lists/oss-security/2022/03/24/1 thread and the and recently assigned CVE-2018-25032. I believe we only ship our own zlib on Windows so this issue is tagged as such. The above oss-security thread is where an idea of severity will come out. ---------- components: Extension Modules, Windows messages: 416510 nosy: gregory.p.smith, lukasz.langa, ned.deily, pablogsal, paul.moore, steve.dower, tim.golden, zach.ware priority: release blocker severity: normal stage: needs patch status: open title: Upgrade to zlib v1.2.12 in CPython binary releases type: security versions: Python 3.10, Python 3.11, Python 3.7, Python 3.8, Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue47194> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
