Message 416510 - Python tracker

Message416510

Author	gregory.p.smith
Recipients	gregory.p.smith, lukasz.langa, ned.deily, pablogsal, paul.moore, steve.dower, tim.golden, zach.ware
Date	2022-04-01.19:25:42
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1648841142.75.0.617699188947.issue47194@roundup.psfhosted.org>
In-reply-to

Content
zlib v1.2.11 as used in Windows binary releases contains a security issue that, while fixed in its git repo years ago, never wound up in a release or a CVE until just now. Folllow the https://www.openwall.com/lists/oss-security/2022/03/24/1 thread and the and recently assigned CVE-2018-25032. I believe we only ship our own zlib on Windows so this issue is tagged as such. The above oss-security thread is where an idea of severity will come out.

Content

zlib v1.2.11 as used in Windows binary releases contains a security issue that, while fixed in its git repo years ago, never wound up in a release or a CVE until just now.

Folllow the https://www.openwall.com/lists/oss-security/2022/03/24/1 thread and the and recently assigned CVE-2018-25032.

I believe we only ship our own zlib on Windows so this issue is tagged as such.  The above oss-security thread is where an idea of severity will come out.

History
Date	User	Action	Args
2022-04-01 19:25:43	gregory.p.smith	set	recipients: + gregory.p.smith, paul.moore, tim.golden, ned.deily, lukasz.langa, zach.ware, steve.dower, pablogsal
2022-04-01 19:25:42	gregory.p.smith	set	messageid: <1648841142.75.0.617699188947.issue47194@roundup.psfhosted.org>
2022-04-01 19:25:42	gregory.p.smith	link	issue47194 messages
2022-04-01 19:25:42	gregory.p.smith	create