[issue46918] The vulnerability is included in /lib/python3.9/ensurepip after python 3.9.2 is installed.

2022-03-12 Thread Ned Deily


Change by Ned Deily:


--
resolution:  -> out of date
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com




2022-03-04 Thread Ned Deily


Ned Deily added the comment:

To emphasize, Python 3.9.2 is obsolete and no longer supported; at the moment, 
the current release of Python 3.9 is 3.9.10. The most current bugfix release 
(3.9.x) obsoletes all previous releases of that Python version (3.9); during a 
version's support lifecycle, we only provide fixes for the most recent bugfix 
release (3.9.10). (Downstream third-party distributors of Python may have 
different support policies.)

https://www.python.org/downloads/

--
nosy: +ned.deily





2022-03-04 Thread Karthikeyan Singaravelan


Karthikeyan Singaravelan added the comment:

https://nvd.nist.gov/vuln/detail/CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the 
IPv4Interface and IPv6Interface classes, which might allow a remote attacker to 
cause a denial of service if an application is affected by the performance of a 
dictionary containing IPv4Interface or IPv6Interface objects, and this attacker 
can cause many dictionary entries to be created. This is fixed in: v3.5.10, 
v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; 
v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

This CVE is listed as fixed in 3.9.0RC2 though you have added 3.9.2 and also 
mentioned ensurepip which doesn't seem to be relevant. Can you please add more 
detail over how we can reproduce the vulnerability in latest master or latest 
stable 3.9 release and how this is related to ensurepip?

--
nosy: +xtreak
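
A check for the question raised in this message, whether an installed interpreter still shows the CVE-2020-14422 hashing behaviour (added example, not part of the original thread or of CPython): it hashes constructed IPv4Interface and IPv6Interface objects and reports how many distinct hash values result. The function names and the 0.9 threshold are assumptions of this example.

```python
import ipaddress
import sys


def sample_interfaces(count=256):
    """Constructed sample: host interfaces from the documentation ranges."""
    v4 = [ipaddress.IPv4Interface(f"192.0.2.{n}/32") for n in range(count)]
    v6 = [ipaddress.IPv6Interface(f"2001:db8::{n:x}/128") for n in range(count)]
    return v4, v6


def distinct_hash_ratio(interfaces):
    """Distinct hash values divided by distinct objects (1.0 is ideal)."""
    unique = set(interfaces)
    return len({hash(i) for i in unique}) / len(unique)


def check_interpreter(threshold=0.9):
    """Report whether this interpreter spreads interface hashes properly.

    The 0.9 threshold is an assumption of this example, not a value from
    the advisory; a ratio near zero means dict lookups on these objects
    degrade towards linear scans.
    """
    v4, v6 = sample_interfaces()
    ratios = {
        "IPv4Interface": distinct_hash_ratio(v4),
        "IPv6Interface": distinct_hash_ratio(v6),
    }
    return {
        "python": sys.version.split()[0],
        "module": ipaddress.__file__,
        "ratios": ratios,
        "ok": all(r >= threshold for r in ratios.values()),
    }


if __name__ == "__main__":
    report = check_interpreter()
    print(report)
    sys.exit(0 if report["ok"] else 1)
```

Run it with the exact interpreter a scanner flagged; the `module` field shows which `ipaddress.py` was actually loaded.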





2022-03-04 Thread zjmxq


New submission from zjmxq:

Vulnerability CVE-2021-29921, CVE-2020-14422, CVE-2021-3572, CVE-2021-33503 
Vulnerability Found in python 3.9.2 /lib/python3.9/ensurepip

--
components: Library (Lib)
messages: 414511
nosy: zjmxq
priority: normal
severity: normal
status: open
title: The vulnerability is included in /lib/python3.9/ensurepip after python 
3.9.2 is installed.
type: security
versions: Python 3.9
